Windows Analysis Report
nso7806.exe

Overview

General Information

Sample name: nso7806.exe (renamed because original name is a hash value)
Original sample name: nso7806.tmp
Analysis ID: 1375666
MD5: 0e167b5aeec155c784c678d42a22e1b9
SHA1: 6876b0a2a8d90fd7b8ebcddc2b48cbff2a821acc
SHA256: 72528d094438e300e028d80183b3ea5424897999123ffde14e06645d489343ae

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 6
Range: 0 - 100

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Creates multiple autostart registry keys
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
DLL planting / hijacking vulnerabilities found
Detected potential crypto function
Drops PE files
EXE planting / hijacking vulnerabilities found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64
  • nso7806.exe (PID: 6248 cmdline: C:\Users\user\Desktop\nso7806.exe MD5: 0E167B5AEEC155C784C678D42A22E1B9)
    • chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 7196 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 7532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
      • chrome.exe (PID: 7880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • PcAppStore.exe (PID: 7568 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default MD5: A0D255A0293C7775D917EB7BD8F79223)
      • NW_store.exe (PID: 1032 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" .\ui\. MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 1588 cmdline: C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7ffd83ec9b48,0x7ffd83ec9b58,0x7ffd83ec9b68 MD5: AAD2814325B2F176B0D03B827245BF92)
          • NW_store.exe (PID: 6520 cmdline: C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1ac,0x1b0,0x1b4,0x184,0x1b8,0x7ff732901da0,0x7ff732901db0,0x7ff732901dc0 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 8156 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 352 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 6360 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2080 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 3196 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1705430483202943 --launch-time-ticks=5726467646 --mojo-platform-channel-handle=2868 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:1 MD5: AAD2814325B2F176B0D03B827245BF92)
        • explorer.exe (PID: 4004 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
          • PcAppStore.exe (PID: 4776 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default MD5: A0D255A0293C7775D917EB7BD8F79223)
          • PcAppStore.exe (PID: 6420 cmdline: "C:\Users\user\PCAppStore\PcAppStore.exe" /init default MD5: A0D255A0293C7775D917EB7BD8F79223)
          • dllhost.exe (PID: 6420 cmdline: C:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
          • backgroundTaskHost.exe (PID: 5408 cmdline: "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider MD5: DA7063B17DBB8BBB3015351016868006)
          • AutoUpdater.exe (PID: 5408 cmdline: "C:\Users\user\PCAppStore\AutoUpdater.exe" /i MD5: E94CED8CA1236B3D9D54061C4580B97D)
        • NW_store.exe (PID: 3856 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3716 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 6392 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 6760 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3500 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 2304 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3956 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 6512 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3968 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 1012 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4060 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8 MD5: AAD2814325B2F176B0D03B827245BF92)
        • NW_store.exe (PID: 1916 cmdline: "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3524 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2 MD5: AAD2814325B2F176B0D03B827245BF92)
  • msiexec.exe (PID: 5792 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • cleanup
No configs have been found
Source: Process Memory Space: explorer.exe PID: 4004
Rule: ironshell_php
Description: Semi-Auto-generated - file ironshell.php.txt
Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Strings: 0xbb7f8:$s2: ~ Shell I
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: C:\Users\user\PCAppStore\AutoUpdater.exe, ReversingLabs: Detection: 50%
Source: C:\Users\user\PCAppStore\PcAppStore.exe, ReversingLabs: Detection: 41%
Source: C:\Users\user\PCAppStore\Uninstaller.exe, ReversingLabs: Detection: 26%
Source: nso7806.exe, ReversingLabs: Detection: 37%
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: wkscli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: WINSTA.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: LINKINFO.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: WINHTTP.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: iri.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: ncrypt.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\libEGL.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: WINMM.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\ffmpeg.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: WTSAPI32.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: Secur32.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: SspiCli.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: MSASN1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: omadmapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: dxva2.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: dcomp.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\node.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: kbdus.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: dwmapi.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: WININET.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: mfplat.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: CRYPTSP.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: MDMRegistration.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: ColorAdapterClient.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: UMPDC.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: NTASN1.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: d3d11.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: dxilconv.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: UIAutomationCore.DLL
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: urlmon.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: d3d10warp.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe, DLL: winnlsres.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: CRYPTBASE.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: d3d12.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: dbghelp.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\libGLESv2.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: msvproc.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: Wldp.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: mf.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe, DLL: TextShaping.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe, DLL: wlanapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: tbs.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: PROPSYS.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: SSPICLI.DLL
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: profapi.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: DMCmnUtils.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: srvcli.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: VERSION.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: USERENV.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: DEVOBJ.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: CRYPTBASE.DLL
Source: C:\Users\user\PCAppStore\PcAppStore.exe, DLL: webio.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: DPAPI.DLL
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: msvcp110_win.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: netutils.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\nw.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: IPHLPAPI.DLL
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\vulkan-1.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe, DLL: edputil.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: mscms.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: mfperfhelper.dll
Source: C:\Users\user\PCAppStore\AutoUpdater.exe, DLL: iertutil.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: dhcpcsvc.DLL
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: dxgi.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\nw_elf.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: RTWorkQ.DLL
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: OLEACC.dll
Source: C:\Users\user\PCAppStore\PcAppStore.exe, DLL: WindowsCodecs.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: msmpeg2vdec.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: D3DSCache.dll
Source: C:\Users\user\Desktop\nso7806.exe, DLL: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, DLL: DWrite.dll
Source: C:\Users\user\Desktop\nso7806.exe, EXE: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\Desktop\nso7806.exe, EXE: C:\Users\user\PCAppStore\nwjs\NW_store.exe
Source: C:\Users\user\Desktop\nso7806.exe, EXE: C:\Users\user\PCAppStore\PcAppStore.exe
Source: C:\Users\user\Desktop\nso7806.exe, EXE: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: C:\Users\user\Desktop\nso7806.exe, EXE: C:\Users\user\PCAppStore\AutoUpdater.exe
Source: https://td.doubleclick.net/td/rul/858128210?random=1705436182296&cv=11&fst=1705436182296&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.configHTTP Parser: No favicon

Compliance

Source: nso7806.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49748 version: TLS 1.0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, Directory created: C:\Program Files\nw1032_778554751
Source: C:\Users\user\Desktop\nso7806.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Source: C:\Users\user\Desktop\nso7806.exe, File created: C:\Users\user\PCAppStore\ui\static\js\2.686641f0.chunk.js.LICENSE.txt
Source: C:\Users\user\Desktop\nso7806.exe, File created: C:\Users\user\PCAppStore\ReadMe.txt
Source: nso7806.exe, Static PE information: certificate valid
Source: nso7806.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: libEGL.dll.pdb source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1060_D20230602T153648\fa_rss\AppStoreUpdater\Release\auto_updater.pdb3 source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw73_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: NW_store.exe, 0000000D.00000000.2642591171.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 0000000E.00000000.2658552978.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 0000000F.00000000.2660715102.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000011.00000000.2666510143.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000012.00000000.2670517806.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000013.00000000.2680641532.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000014.00000000.2684375968.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000018.00000002.2792135982.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Build\Build_1060_D20230602T153648\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\nso7806.exe, Code function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
Source: C:\Users\user\Desktop\nso7806.exe, Code function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
Source: C:\Users\user\Desktop\nso7806.exe, Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exe, Code function: 22_2_00D1CF8B FindClose,FindFirstFileExW,GetLastError,22_2_00D1CF8B
Source: C:\Users\user\PCAppStore\PcAppStore.exe, Code function: 22_2_00D1CFAB FindFirstFileExW,22_2_00D1CFAB
Source: C:\Users\user\PCAppStore\PcAppStore.exe, Code function: 22_2_00D51488 FindFirstFileExW,22_2_00D51488
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe, Code function: 24_2_00007FF732783040 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,24_2_00007FF732783040
Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49748 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 20.25.241.18
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00BF8C90 GetTickCount64,URLDownloadToFileW,__Mtx_unlock,DeleteFileW,22_2_00BF8C90
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060 HTTP/1.1Host: pcapp.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1681303948561 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1705436170641465
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/img/done_windows_icon.png HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1705436170641465
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/img/done_windows_icon.png HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1705436170641465
Source: global trafficHTTP traffic detected: GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1681303948561 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1705436170641465
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=start&permision=Default HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=installing&e=03000200-0400-0500-0006-000700080009&u=12345678-1234-5678-90AB-CDDEEFAABBCC HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XoVOyuUGTZwpMXa&MD=r8KW9uYS HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /td/rul/858128210?random=1705436182296&cv=11&fst=1705436182296&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1705436182296&cv=11&fst=1705436182296&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/viewthroughconversion/858128210/?random=1705436182336&cv=11&fst=1705436182336&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1705436182336&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_XZcSQSqXxQ4Pq-1Tbu-PTuQyxr3-mA&random=2226860448&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1705436182296&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_D4wjk57hF6pvHQk4737VHsVuvC7YGQ&random=629994904&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1705436182336&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_XZcSQSqXxQ4Pq-1Tbu-PTuQyxr3-mA&random=2226860448&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global trafficHTTP traffic detected: GET /pagead/1p-user-list/858128210/?random=1705436182296&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_D4wjk57hF6pvHQk4737VHsVuvC7YGQ&random=629994904&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global trafficHTTP traffic detected: GET /lp/appstore/img/favicon.ico HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1705436170641465; _gcl_au=1.1.951475049.1705436182; _ga=GA1.1.557226424.1705436182; _ga_VFQWFX3X1C=GS1.1.1705436182.1.0.1705436182.60.0.0
Source: global trafficHTTP traffic detected: GET /pixelgif.php HTTP/1.1Host: pcapp.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _fcid=1705436170641465; _gcl_au=1.1.951475049.1705436182; _ga=GA1.1.557226424.1705436182; _ga_VFQWFX3X1C=GS1.1.1705436182.1.0.1705436182.60.0.0
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=systeminfo&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=106&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DTHP5B&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=PSPH2KM7%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=pc_apps&a[]=7-Zip+23%2E01+%28x64%29&a[]=Mozilla+Firefox+%28x64+en-US%29&a[]=Mozilla+Maintenance+Service&a[]=Microsoft+Office+Professional+Plus+2019+-+en-us&a[]=Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532&a[]=Office+16+Click-to-Run+Licensing+Component&a[]=Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration&a[]=Adobe+Acrobat+%2864-bit%29&a[]=Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532&a[]=Google+Chrome&a[]=Microsoft+Edge&a[]=Microsoft+Edge+Update&a[]=Microsoft+Edge+WebView2+Runtime&a[]=Java+Auto+Updater&a[]=Java+8+Update+381&a[]=Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532&a[]=Office+16+Click-to-Run+Extensibility+Component HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /cpg_fa.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420 HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&inst_parent=&evt_src=fa_installer&evt_action=done HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: pcapp.storeConnection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1705441663322&nocache=5721718 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XoVOyuUGTZwpMXa&MD=r8KW9uYS HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /css2?family=Bebas+Neue&display=swap HTTP/1.1Host: fonts.googleapis.comConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1X-Client-Data: CKeBywE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /src/main_code_nw.js HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=started&&eng_time=1705441664012&nocache=5726312 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=web&evt_action=new_fcid&ncrd=1705436224705&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /appstore-menu/?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&nocache=1705436242502 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36Content-Type: application/json;charset=UTF-8Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /appstore-taskbar/?a=notificationsTab&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&nocache=1705436242512 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36Content-Type: application/json;charset=UTF-8Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /api/api.php?c=front&a=getAttrUserData&p[guid]=4D802742-3099-9C0E-C19B-2A23EA1FC420&p[fields][]=fullname&p[fields][]=email&p[fields][]=firstname&p[fields][]=lastname HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36Content-Type: application/json;charset=UTF-8Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /appstore-topbar/?a=init&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&nocache=1705436242666 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36Content-Type: application/json;charset=UTF-8Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=settings&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242441&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=menu_search&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242444&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_offer&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242447&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/avgtuneup_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/msoffice21_bus_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/msoffice21_home_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/ccleaner_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/fastapp_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/msoffice2021_profplus_bind_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_menu_store&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242450&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=main_window&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242453&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/avastav_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/mcafeeav_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/nortonav_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pcapp/images/3rdparty/avastvpn_square_logo.png HTTP/1.1Host: repcdn.pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_notifications&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242456&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_topbar&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242488&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=windows_created&&eng_time=1705441700877&nocache=5759265 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /notify_app_v2.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&lastid=0&lasttime=0&end_v=fa.1060&nocache=5759078 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pcapp.storeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=printers_add&printers%5B0%5D=OneNote&printers%5B1%5D=OneNote%20%28Desktop%29&printers%5B2%5D=Microsoft%20XPS%20Document%20Writer&printers%5B3%5D=Microsoft%20Print%20to%20PDF&printers%5B4%5D=Fax&eng_time=1705441700980&nocache=5763765 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=notify_widget_hide&&eng_time=1705441701449&nocache=5769203 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=wlanspots&&eng_time=1705441701920&nocache=5770609 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B4%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B4%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B5%5D=0&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B4%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B5%5D=0&software%5B6%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&eng_time=1705441703824&nocache=5772015 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BPackageCode%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B0%5D%5BPackageName%5D=C2RInt.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=1760269214&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B4%5D=Microsoft%20Corporation&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B4%5D=Microsoft%20Corporation&software%5B5%5D=16.0.16827.20130&eng_time=1705441703825&nocache=5773515 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_menu_store&evt_action=updated&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436244411&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: finishInstallInApp=done
Source: global trafficHTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000000EC65046B8 HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BPackageCode%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B0%5D%5BPackageName%5D=C2RInt.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=1760269214&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B2%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B2%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B3%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B2%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B3%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B4%5D=20231005&eng_time=1705441703826&nocache=5774937 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_menu_store&evt_action=open_start_menu&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436258360&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: finishInstallInApp=done
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_menu_store&evt_action=show&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436258887&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: finishInstallInApp=done
Source: global trafficHTTP traffic detected: GET /pixel.gif?evt_src=fa_menu_store&evt_action=close&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436259333&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1Host: pcapp.storeConnection: keep-alivesec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: finishInstallInApp=done
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_auto_updater&evt_action=start&&nocache=5780015 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pcapp.storeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BPackageCode%5D=%7B7AFC3050-A586-449A-A13B-319B7628DABA%7D&software%5B0%5D%5BPackageName%5D=C2RInt64.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20056&software%5B0%5D%5Bid%5D=2876741644&software%5B1%5D=0&software%5B1%5D=0&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B1%5D=0&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B3%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B1%5D=0&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B3%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B4%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&eng_time=1705441703828&nocache=5776437 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /fa_version.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&end_v=fa.1060&nocache=5781671 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pcapp.storeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BPackageCode%5D=%7B7AFC3050-A586-449A-A13B-319B7628DABA%7D&software%5B0%5D%5BPackageName%5D=C2RInt64.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20056&software%5B0%5D%5Bid%5D=2876741644&software%5B1%5D=C2RInt64.16.msi&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B3%5D=16.0.16827.20056&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B3%5D=16.0.16827.20056&software%5B4%5D=2876741644&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B6%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B6%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B7%5D=%7B90160000-008F-0000-1000-0000000FF1CE%7D&eng_time=1705441703829&nocache=5785125 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_auto_updater&evt_action=end&&nocache=5785140 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: pcapp.storeConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008F-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B0%5D%5BPackageCode%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B0%5D%5BPackageName%5D=SPPRedist64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=3947252638&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B2%5D=0&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B2%5D=0&software%5B3%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B2%5D=0&software%5B3%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B4%5D=Office%2016%20Click-to-Run%20Licensing%20Component&eng_time=1705441703831&nocache=5793750 HTTP/1.1Connection: Keep-AliveUser-Agent: WinHTTP 1.0Host: pcapp.store
Source: unknown
DNS traffic detected: queries for: pcapp.store
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700482000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700482000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: explorer.exe, 00000015.00000000.2731471784.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2982764892.000000000C086000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com-
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831408020.00003BA700082000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fetch.spec.whatwg.org/
Source: NW_store.exe, 00000014.00000003.2924443259.00001FF8002E2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
Source: NW_store.exe, 00000014.00000003.2924443259.00001FF8002E2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700482000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700482000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/addaleax/eventemitter-asyncresource
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: NW_store.exe, 00000014.00000003.2837370433.00003BA700542000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: NW_store.exe, 00000014.00000003.2944708569.00003BA7008C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA7008C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA7008CA000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831408020.00003BA700082000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA7008C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA7008CA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/heycam/webidl/pull/946.
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700642000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mafintosh/pump
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/mysticatea/abort-controller
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700642000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA700502000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: NW_store.exe, 00000014.00000003.2837370433.00003BA700542000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: NW_store.exe, 00000014.00000003.2695118915.00000286483E4000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2695352655.00000286483FE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues
Source: NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA700502000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2984961851.00003BA700689000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: NW_store.exe, 00000014.00000003.2830124075.00003BA700642000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35452
Source: NW_store.exe, 00000014.00000003.2830124075.00003BA700642000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA700502000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/issues/45699
Source: NW_store.exe, 00000014.00000003.2836840430.00003BA700582000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA7004C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA700502000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2697881310.00000286483CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700442000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700442000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: NW_store.exe, 00000014.00000003.2837191851.00003BA700502000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700302000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/32887
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2984961851.00003BA700689000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700302000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700642000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: NW_store.exe, 00000014.00000003.2836840430.00003BA700582000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA7004C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700302000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831408020.00003BA700082000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: NW_store.exe, 00000014.00000003.2944708569.00003BA700382000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA70039D000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA7003A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700482000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700482000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: NW_store.exe, 00000018.00000002.2787739787.0000027803160000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nwjs-community/nw-builder
Source: NW_store.exe, 0000000D.00000003.2672195766.00000235A8CAE000.00000004.00000020.00020000.00000000.sdmp, NW_store.exe, 0000000D.00000003.2670862230.00000235A8CBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/nwjs-community/nw-builder#
Source: NW_store.exe, 00000014.00000003.2837786203.00003BA7002C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nwjs-community/nw-builder8
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: NW_store.exe, 00000014.00000003.2838308603.00003BA700342000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837786203.00003BA700342000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: NW_store.exe, 00000014.00000003.2688310937.00001FF800484000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2688848751.00001FF800484000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2688310937.00001FF800474000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/6939#issuecomment-1016679588
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://google.comlast_v=%ws&dl_lnk=%wsempty_instructionsno_internet_connectionendbad
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006C
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097c
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002s
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444S
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693O
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273CIE
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700482000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700482000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: NW_store.exe, 00000014.00000003.2941659231.00003BA700442000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v19.5.0/node-v19.5.0-headers.tar.gz
Source: NW_store.exe, 00000014.00000003.2941659231.00003BA700442000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v19.5.0/node-v19.5.0.tar.gz
Source: NW_store.exe, 00000014.00000003.2941659231.00003BA700442000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v19.5.0/win-x64/node.lib
Source: explorer.exe, 00000015.00000000.2731471784.000000000C048000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2982764892.000000000C086000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.come
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.com
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comGoogle
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comT
Source: NW_store.exe, 00000014.00000003.2963577815.00001FF8008CC000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700882000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700882000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2925849784.00001FF80078C000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store
Source: nso7806.exe, 00000000.00000002.2734427684.000000000074D000.00000004.00000020.00020000.00000000.sdmp, nso7806.exe, 00000000.00000002.2736828955.000000000598C000.00000004.00000020.00020000.00000000.sdmp, nso7806.exe, 00000000.00000003.2732390262.000000000598B000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000003.2759130029.0000000000A49000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000002.2760286583.0000000000A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?p=lpd_appstore-faq
Source: chrome.exe, 00000005.00000003.2903855014.0000173003558000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2903797581.0000173003CA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2777725627.0000173003C7C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&ver
Source: NW_store.exe, 00000014.00000003.2925849784.00001FF80078C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?p=lpd_uninstall_r1&ref=pcapp_settings&guid=
Source: NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?p=lpd_uninstall_r1&ref=pcapp_settings&guid=5%
Source: NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/?support=1&guid=
Source: PcAppStore.exe, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://pcapp.store/account/login
Source: NW_store.exe, 00000014.00000003.2925849784.00001FF80078C000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/account/myApps
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/account/myApps5%
Source: NW_store.exe, 00000014.00000003.2925849784.00001FF80078C000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/account/profile
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/account/profile5%
Source: nso7806.exe, 00000000.00000002.2733692241.00000000006B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/cpg_fa.php?guid=
Source: nso7806.exe, 00000000.00000002.2736691741.0000000005931000.00000004.00000020.00020000.00000000.sdmp, nso7806.exe, 00000000.00000002.2733692241.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, nso7806.exe, 00000000.00000003.2731803953.00000000006F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/cpg_fa.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420
Source: PcAppStore.exe, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/fa_version.php?guid=%ws&end_v=%ws&nocache=%du_temp_eventhttps://pcapp.store/fa_v
Source: nso7806.exe, 00000000.00000002.2733692241.00000000006B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=&winver=
Source: nso7806.exe, 00000000.00000003.2731803953.0000000000722000.00000004.00000020.00020000.00000000.sdmp, nso7806.exe, 00000000.00000002.2733692241.0000000000722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=4D8027
Source: nso7806.exe, 00000000.00000002.2734427684.000000000074D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store/notify_app_v2.php?guid=
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000000.2635519762.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://pcapp.store/notify_app_v2.php?guid=&lastid=&lasttime=&nocache=&end_v=%ws%ws%ws%d%ws%d%ws%ws%
Source: PcAppStore.exeString found in binary or memory: https://pcapp.store/pixel.gif
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000000.2635519762.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://pcapp.store/pixel.gif0
Source: NW_store.exe, 00000014.00000003.2834980889.00003BA700082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?evt_src=web&evt_action=new_fcid&ncrd=1705436224705&user-agent=Mozilla/
Source: nso7806.exe, 00000000.00000002.2736691741.0000000005931000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?gu
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=%ws&version=%ws&evt_src=fa_%ws&evt_action=%ws&%ws&nocache=%d%ws
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000000.2635519762.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_&evt_action=%s%s%s%s%s%s%s%s&%s%s%I64uinvali
Source: nso7806.exe, 00000000.00000002.2733692241.00000000006B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=&version=&evt_src=fa_installer&evt_action=termination_failure
Source: nso7806.exe, 00000000.00000002.2733692241.0000000000722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_i
Source: PcAppStore.exe, 00000016.00000002.2760286583.0000000000A2F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000003.2759130029.0000000000A2F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000002.2760286583.0000000000A54000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000003.2759130029.0000000000A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_p
Source: nso7806.exe, 00000000.00000002.2734427684.000000000074D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&inst_parent=
Source: NW_store.exe, 00000014.00000003.2925849784.00001FF80078C000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/privacy.html?ref=pcapp_settings&guid=
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/privacy.html?ref=pcapp_settings&guid=5%
Source: nso7806.exe, 00000000.00000002.2733692241.00000000006B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/privacy.htmlBy
Source: nso7806.exe, 00000000.00000002.2733692241.00000000006B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/tos.html
Source: NW_store.exe, 00000014.00000003.2925849784.00001FF80078C000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/tos.html?ref=pcapp_settings&guid=
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store/tos.html?ref=pcapp_settings&guid=5%
Source: PcAppStore.exe, 00000016.00000002.2760286583.0000000000A54000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000003.2759130029.0000000000A54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcapp.store:443/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pcappstore.s3.amazonaws.com/versionrinstruction_failed%ws?guid=%ws&nocache=%dauto_updater.ex
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
Source: explorer.exe, 00000015.00000000.2731471784.000000000BFEF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comEMd
Source: NW_store.exe, 00000014.00000003.2835771245.00003BA700802000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: NW_store.exe, 00000014.00000003.2835771245.00003BA700842000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/link/react-polyfills
Source: NW_store.exe, 00000014.00000003.2830124075.00003BA700842000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700842000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700842000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/link/react-polyfills%&
Source: NW_store.exe, 00000014.00000003.2941659231.00003BA700602000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700602000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700602000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/link/react-polyfills%&%
Source: NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/Errors?code=
Source: NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://search.pcapp.store/r.html?q=
Source: PcAppStore.exeString found in binary or memory: https://search.pcapp.store/r.html?q=%ws&br=%ws&en=%ws&guid=%ws&end_v=%ws
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000000.2635519762.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmpString found in binary or memory: https://search.pcapp.store/r.html?q=%ws&br=%ws&en=%ws&guid=%ws&end_v=%wsNWidgetShell_TrayWndTrayNoti
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: NW_store.exe, 00000014.00000003.2925849784.00001FF80078C000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://suggestqueries.google.com/complete/search?client=chrome&q=
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700942000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://suggestqueries.google.com/complete/search?client=chrome&q=5%.
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/a/?p=block_warn
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: NW_store.exe, 00000014.00000003.2944708569.00003BA700382000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA7003A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700442000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700442000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#table-typeof-operator-results
Source: NW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700482000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700482000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: chrome.exe, 00000005.00000003.2903855014.0000173003558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net/td/rul/858128210?random=1705436182296&cv=11&fst=1705436182296&fmt=3&bg=ff
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j475816165
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j475816165/m
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j596093288
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j596093288/m
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j7904283812
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j7904283812/m
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j7904705661
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.net1j7904705661/m
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.nethttps://pcapp.store
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://td.doubleclick.nethttps://pcapp.store/m
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=147848457545&cr_id=671860969177&cv_id=0&format=$
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=147848457545&cr_id=671860969180&cv_id=0&format=$
Source: chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=147848457545&cr_id=671860969183&cv_id=0&format=$

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 22_2_00C54C80 SetWindowsHookExW 0000000D,00C54980,00000000,00000000
Source: C:\Users\user\Desktop\nso7806.exe Code function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

System Summary

Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR Matched rule: Semi-Auto-generated - file ironshell.php.txt Author: Neo23x0 Yara BRG + customization by Stefan -dfate- Molls
Source: C:\Users\user\Desktop\nso7806.exe Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\chrome_BITS_6428_1950614454
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287C1A824_2_00007FF73287C1A8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327C91B024_2_00007FF7327C91B0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73274821024_2_00007FF732748210
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73276B2A024_2_00007FF73276B2A0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328712C824_2_00007FF7328712C8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328772EC24_2_00007FF7328772EC
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327302E224_2_00007FF7327302E2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328732F024_2_00007FF7328732F0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73279730024_2_00007FF732797300
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327A331024_2_00007FF7327A3310
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73277431024_2_00007FF732774310
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73271A22024_2_00007FF73271A220
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275E22024_2_00007FF73275E220
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287027024_2_00007FF732870270
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287925C24_2_00007FF73287925C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73274E7A024_2_00007FF73274E7A0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275E7F024_2_00007FF73275E7F0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275380024_2_00007FF732753800
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73273580C24_2_00007FF73273580C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73271A77224_2_00007FF73271A772
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73274977024_2_00007FF732749770
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73273078C24_2_00007FF73273078C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73278A8A024_2_00007FF73278A8A0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328738AC24_2_00007FF7328738AC
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327278A024_2_00007FF7327278A0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328778B024_2_00007FF7328778B0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327578B024_2_00007FF7327578B0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73288E8CC24_2_00007FF73288E8CC
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327CB82024_2_00007FF7327CB820
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327A584424_2_00007FF7327A5844
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73271D86424_2_00007FF73271D864
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73274F87024_2_00007FF73274F870
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287886024_2_00007FF732878860
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327315CE24_2_00007FF7327315CE
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73288056824_2_00007FF732880568
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328736C424_2_00007FF7328736C4
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328776C424_2_00007FF7328776C4
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73279E71024_2_00007FF73279E710
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287463024_2_00007FF732874630
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327CC65024_2_00007FF7327CC650
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275766024_2_00007FF732757660
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287BB2424_2_00007FF73287BB24
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73276AB3024_2_00007FF73276AB30
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73274BB4324_2_00007FF73274BB43
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73274DB5E24_2_00007FF73274DB5E
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275CB9024_2_00007FF73275CB90
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73286FCD024_2_00007FF73286FCD0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732714D0824_2_00007FF732714D08
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275ED1024_2_00007FF73275ED10
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327E3C1C24_2_00007FF7327E3C1C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732730C3624_2_00007FF732730C36
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327FAC2824_2_00007FF7327FAC28
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732770C7024_2_00007FF732770C70
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732755C8024_2_00007FF732755C80
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732873C7C24_2_00007FF732873C7C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732877C8024_2_00007FF732877C80
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327FC9C424_2_00007FF7327FC9C4
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287E9B824_2_00007FF73287E9B8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73272F98E24_2_00007FF73272F98E
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732877A9824_2_00007FF732877A98
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732719AD824_2_00007FF732719AD8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732757B0024_2_00007FF732757B00
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73279DA4024_2_00007FF73279DA40
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327A6A3C24_2_00007FF7327A6A3C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732873A9424_2_00007FF732873A94
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732715FA824_2_00007FF732715FA8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73289E00C24_2_00007FF73289E00C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275801324_2_00007FF732758013
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732715F2424_2_00007FF732715F24
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732872F1824_2_00007FF732872F18
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327730F024_2_00007FF7327730F0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287210824_2_00007FF732872108
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73273110224_2_00007FF732731102
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275710024_2_00007FF732757100
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73277F10024_2_00007FF73277F100
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287310424_2_00007FF732873104
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287408C24_2_00007FF73287408C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73289807C24_2_00007FF73289807C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73275809224_2_00007FF732758092
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73279DDA024_2_00007FF73279DDA0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327D3DC024_2_00007FF7327D3DC0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732773DF024_2_00007FF732773DF0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73279EE1024_2_00007FF73279EE10
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732870D3024_2_00007FF732870D30
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73279ED3024_2_00007FF73279ED30
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328A0D1C24_2_00007FF7328A0D1C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732878D6424_2_00007FF732878D64
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732897D9424_2_00007FF732897D94
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73277DEA024_2_00007FF73277DEA0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732775EA024_2_00007FF732775EA0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732760EB024_2_00007FF732760EB0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7328A2EE424_2_00007FF7328A2EE4
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732719EF024_2_00007FF732719EF0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73289CF0C24_2_00007FF73289CF0C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73287CE2824_2_00007FF73287CE28
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73272FE3824_2_00007FF73272FE38
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732873E6424_2_00007FF732873E64
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Code function: String function: 00007FF732712093 appears 73 times
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Code function: String function: 00007FF73273F8B0 appears 128 times
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Code function: String function: 00007FF732715698 appears 299 times
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Code function: String function: 00007FF732883384 appears 60 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00C5DB50 appears 170 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00C19140 appears 203 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00C5E570 appears 178 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00D2F78C appears 80 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00C5D8F0 appears 38 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00CA8A40 appears 32 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00D2FEB0 appears 60 times
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: String function: 00C196B0 appears 31 times
Source: libEGL.dll.0.dr | Static PE information: Number of sections : 13 > 10
Source: notification_helper.exe.0.dr | Static PE information: Number of sections : 14 > 10
Source: libGLESv2.dll.0.dr | Static PE information: Number of sections : 13 > 10
Source: node.dll.0.dr | Static PE information: Number of sections : 12 > 10
Source: nw.dll.0.dr | Static PE information: Number of sections : 16 > 10
Source: vk_swiftshader.dll.0.dr | Static PE information: Number of sections : 12 > 10
Source: vulkan-1.dll.0.dr | Static PE information: Number of sections : 12 > 10
Source: NW_store.exe.0.dr | Static PE information: Number of sections : 14 > 10
Source: nw_elf.dll.0.dr | Static PE information: Number of sections : 16 > 10
Source: ffmpeg.dll.0.dr | Static PE information: Number of sections : 12 > 10
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAutoUpdater.exe: vs nso7806.exe
Source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelibEGL.dll0 vs nso7806.exe
Source: nso7806.exe, 00000000.00000002.2732948120.000000000040A000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameAutoUpdater.exe: vs nso7806.exe
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelibGLESv2.dll0 vs nso7806.exe
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePCAppStore.exe: vs nso7806.exe
Source: C:\Windows\System32\msiexec.exe | Section loaded: sfc.dll
Source: nso7806.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Process Memory Space: explorer.exe PID: 4004, type: MEMORYSTR | Matched rule: ironshell_php author = Neo23x0 Yara BRG + customization by Stefan -dfate- Molls, description = Semi-Auto-generated - file ironshell.php.txt, hash = 8bfa2eeb8a3ff6afc619258e39fded56
Source: classification engine | Classification label: mal42.spyw.evad.winEXE@60/382@38/22
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Code function: 24_2_00007FF73274C8C0 FormatMessageA,GetLastError
Source: C:\Users\user\Desktop\nso7806.exe | Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\nso7806.exe | Code function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\nso7806.exe | Code function: 0_2_004021AA CoCreateInstance
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Code function: 22_2_00C4B0B0 FindResourceW,LoadResource,LockResource,SizeofResource,GlobalAlloc,GlobalLock,GlobalUnlock,CreateStreamOnHGlobal,GdipAlloc,GdipAlloc,GdipCreateBitmapFromStreamICM,GdipCreateBitmapFromStreamICM,GetLastError,GdipAlloc,GdipCreateBitmapFromStreamICM
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | File created: C:\Program Files\nw1032_778554751
Source: C:\Users\user\Desktop\nso7806.exe | File created: C:\Users\user\PCAppStore
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Users\user\Desktop\nso7806.exe | File created: C:\Users\user\AppData\Local\Temp\nsw998E.tmp
Source: nso7806.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\nso7806.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\nso7806.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\nso7806.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\nso7806.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Users\user\Desktop\nso7806.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\nso7806.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000000.2635519762.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmp | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000000.2635519762.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmp | Binary or memory string: CREATE TABLE ColNames( cpos INTEGER PRIMARY KEY, name TEXT, nlen INT, chop INT, reps INT, suff TEXT);CREATE VIEW RepeatedNames AS SELECT DISTINCT t.name FROM ColNames t WHERE t.name COLLATE NOCASE IN ( SELECT o.name FROM ColNames o WHERE o.cpos<>t.cpos);
Source: PcAppStore.exe, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000000.2721832825.0000000000D66000.00000002.00000001.01000000.00000010.sdmp | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: NW_store.exe, 0000000D.00000003.2668827220.00000235A8E43000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SELECT*FROM"main".sqlite_master WHERE tbl_name='eq_class_groups' AND type!='trigger' ORDER BY rowid;
Source: nso7806.exe | ReversingLabs: Detection: 37%
Source: NW_store.exe | String found in binary or memory: Try '%ls --help' for more information.
Source: C:\Users\user\Desktop\nso7806.exe | File read: C:\Users\user\Desktop\nso7806.exe
Source: unknown | Process created: C:\Users\user\Desktop\nso7806.exe C:\Users\user\Desktop\nso7806.exe
Source: C:\Users\user\Desktop\nso7806.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\nso7806.exe | Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\PCAppStore\PcAppStore.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" .\ui\.
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7ffd83ec9b48,0x7ffd83ec9b58,0x7ffd83ec9b68
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1ac,0x1b0,0x1b4,0x184,0x1b8,0x7ff732901da0,0x7ff732901db0,0x7ff732901dc0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2080 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1705430483202943 --launch-time-ticks=5726467646 --mojo-platform-channel-handle=2868 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:1
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3716 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3500 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3956 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3968 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}
Source: C:\Windows\explorer.exe | Process created: C:\Windows\System32\backgroundTaskHost.exe "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe | Process created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4060 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Windows\explorer.exe | Process created: C:\Users\user\PCAppStore\AutoUpdater.exe "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3524 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2
Source: C:\Users\user\Desktop\nso7806.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376Jump to behavior
Source: C:\Users\user\Desktop\nso7806.exeProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init defaultJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" .\ui\.Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7ffd83ec9b48,0x7ffd83ec9b58,0x7ffd83ec9b68Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2080 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1705430483202943 --launch-time-ticks=5726467646 --mojo-platform-channel-handle=2868 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:1Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3716 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3500 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3956 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3968 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4060 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3524 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1ac,0x1b0,0x1b4,0x184,0x1b8,0x7ff732901da0,0x7ff732901db0,0x7ff732901dc0
Source: C:\Windows\explorer.exeProcess created: C:\Users\user\PCAppStore\PcAppStore.exe "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Source: C:\Users\user\Desktop\nso7806.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: PC App Store.lnk.0.dr LNK file: ..\..\..\..\..\..\PCAppStore\PcAppStore.exe
Source: C:\Users\user\Desktop\nso7806.exe Automated click: Next >
Source: C:\Users\user\Desktop\nso7806.exe Automated click: Install
Source: C:\Users\user\PCAppStore\PcAppStore.exe Automated click: OK
Source: C:\Windows\System32\dllhost.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe Directory created: C:\Program Files\nw1032_778554751
Source: C:\Users\user\Desktop\nso7806.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCAppStore
Source: nso7806.exe Static PE information: certificate valid
Source: nso7806.exe Static file information: File size 88750488 > 1048576
Source: nso7806.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: libEGL.dll.pdb source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_1060_D20230602T153648\fa_rss\AppStoreUpdater\Release\auto_updater.pdb3 source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw73_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: NW_store.exe, 0000000D.00000000.2642591171.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 0000000E.00000000.2658552978.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 0000000F.00000000.2660715102.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000011.00000000.2666510143.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000012.00000000.2670517806.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000013.00000000.2680641532.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000014.00000000.2684375968.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp, NW_store.exe, 00000018.00000002.2792135982.00007FF7328DA000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\Build\Build_1060_D20230602T153648\fa_rss\AppStoreUpdater\Release\auto_updater.pdb source: nso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00C30EE0 GetErrorInfo,SysFreeString,SysStringLen,LoadLibraryW,GetProcAddress,GetErrorInfo,GetProcessHeap,HeapFree,SysFreeString,SetErrorInfo,SetErrorInfo,22_2_00C30EE0
Source: NW_store.exe.0.drStatic PE information: section name: .00cfg
Source: NW_store.exe.0.drStatic PE information: section name: .gxfg
Source: NW_store.exe.0.drStatic PE information: section name: .retplne
Source: NW_store.exe.0.drStatic PE information: section name: .voltbl
Source: NW_store.exe.0.drStatic PE information: section name: CPADinfo
Source: NW_store.exe.0.drStatic PE information: section name: _RDATA
Source: NW_store.exe.0.drStatic PE information: section name: malloc_h
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: .voltbl
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libEGL.dll.0.drStatic PE information: section name: malloc_h
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: .voltbl
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: malloc_h
Source: node.dll.0.drStatic PE information: section name: .00cfg
Source: node.dll.0.drStatic PE information: section name: .gxfg
Source: node.dll.0.drStatic PE information: section name: .retplne
Source: node.dll.0.drStatic PE information: section name: .voltbl
Source: node.dll.0.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.0.drStatic PE information: section name: .00cfg
Source: notification_helper.exe.0.drStatic PE information: section name: .gxfg
Source: notification_helper.exe.0.drStatic PE information: section name: .retplne
Source: notification_helper.exe.0.drStatic PE information: section name: .voltbl
Source: notification_helper.exe.0.drStatic PE information: section name: CPADinfo
Source: notification_helper.exe.0.drStatic PE information: section name: _RDATA
Source: notification_helper.exe.0.drStatic PE information: section name: malloc_h
Source: nw.dll.0.drStatic PE information: section name: .00cfg
Source: nw.dll.0.drStatic PE information: section name: .gxfg
Source: nw.dll.0.drStatic PE information: section name: .retplne
Source: nw.dll.0.drStatic PE information: section name: .rodata
Source: nw.dll.0.drStatic PE information: section name: .voltbl
Source: nw.dll.0.drStatic PE information: section name: CPADinfo
Source: nw.dll.0.drStatic PE information: section name: LZMADEC
Source: nw.dll.0.drStatic PE information: section name: _RDATA
Source: nw.dll.0.drStatic PE information: section name: malloc_h
Source: libEGL.dll0.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll0.0.drStatic PE information: section name: .voltbl
Source: libEGL.dll0.0.drStatic PE information: section name: _RDATA
Source: nw_elf.dll.0.drStatic PE information: section name: .00cfg
Source: nw_elf.dll.0.drStatic PE information: section name: .crthunk
Source: nw_elf.dll.0.drStatic PE information: section name: .gxfg
Source: nw_elf.dll.0.drStatic PE information: section name: .oldntma
Source: nw_elf.dll.0.drStatic PE information: section name: .retplne
Source: nw_elf.dll.0.drStatic PE information: section name: .voltbl
Source: nw_elf.dll.0.drStatic PE information: section name: CPADinfo
Source: nw_elf.dll.0.drStatic PE information: section name: _RDATA
Source: nw_elf.dll.0.drStatic PE information: section name: malloc_h
Source: libGLESv2.dll0.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll0.0.drStatic PE information: section name: .voltbl
Source: libGLESv2.dll0.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .voltbl
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: .voltbl
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D2F769 push ecx; ret 22_2_00D2F77C
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00C32CF0 Sleep,Sleep,Sleep,Sleep,CoInitializeEx,URLDownloadToFileW,GetLastError,ShellExecuteExW,GetLastError,WaitForSingleObject,CloseHandle,GetLastError,ExpandEnvironmentStringsW,GetFileAttributesW,GetLastError,DeleteFileW,GetLastError,GetLastError,22_2_00C32CF0
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\nw.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\inetc.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\vulkan-1.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\libEGL.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\ffmpeg.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\NW_store.exe
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\node.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\nw_elf.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\NSISFastLib.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\PcAppStore.exe
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\AutoUpdater.exe
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\libGLESv2.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\System.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\ui\static\js\2.686641f0.chunk.js.LICENSE.txt
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\PCAppStore\ReadMe.txt

Boot Survival

Source: C:\Users\user\PCAppStore\PcAppStore.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCAppStoreAutoUpdater
Source: C:\Users\user\Desktop\nso7806.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run PCApp
Source: C:\Users\user\Desktop\nso7806.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Source: C:\Users\user\PCAppStore\PcAppStore.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\nso7806.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\PcAppStore.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\AutoUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled ='TRUE'
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327131B4 rdtsc 24_2_00007FF7327131B4
Source: C:\Users\user\PCAppStore\PcAppStore.exeWindow / User API: threadDelayed 2379
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 451
Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 430
Source: C:\Users\user\Desktop\nso7806.exeDropped PE file which has not been started: C:\Users\user\PCAppStore\Uninstaller.exe
Source: C:\Users\user\Desktop\nso7806.exeDropped PE file which has not been started: C:\Users\user\PCAppStore\nwjs\notification_helper.exe
Source: C:\Users\user\PCAppStore\PcAppStore.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_22-102699
Source: C:\Users\user\PCAppStore\PcAppStore.exeAPI coverage: 4.4 %
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeAPI coverage: 3.7 %
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Product FROM Win32_BaseBoard
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Version FROM Win32_BIOS
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
Source: C:\Users\user\PCAppStore\PcAppStore.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\dllhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\backgroundTaskHost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\PCAppStore\AutoUpdater.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\nso7806.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Users\user\PCAppStore\PcAppStore.exeLast function: Thread delayed
Source: C:\Users\user\PCAppStore\PcAppStore.exeThread sleep count: Count: 2379 delay: -10
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\webui_js FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\blob_storage\35c14ae6-d9d2-406d-8e9b-4fe17e4ae4b3 FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user\PCAppStore\nwjs FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeFile Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\Desktop\nso7806.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
Source: C:\Users\user\Desktop\nso7806.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
Source: C:\Users\user\Desktop\nso7806.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D1CF8B FindClose,FindFirstFileExW,GetLastError,22_2_00D1CF8B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D1CFAB FindFirstFileExW,22_2_00D1CFAB
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D51488 FindFirstFileExW,22_2_00D51488
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF732783040 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,24_2_00007FF732783040
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327140C8 GetSystemInfo,24_2_00007FF7327140C8
Source: nso7806.exe, 00000000.00000002.2733692241.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, nso7806.exe, 00000000.00000003.2731803953.00000000006F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
Source: explorer.exe, 00000015.00000000.2718167546.000000000962B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWystem32\DriverStore\en-US\msmouse.inf_locv
Source: nso7806.exe, 00000000.00000002.2732948120.000000000042B000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: start_menu_onstore/pixel.gif?guid=rsion\Runmpll28x64%29+-+14%2E36%2E32532e installed indefaultter.exeore/cpg_fa.php?guid=lla+Firefox+%28x64+en-US%29&a[]=Mozilla+Maintenance+Service&a[]=Microsoft+Office+Professional+Plus+2019+-+en-us&a[]=Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532&a[]=Office+16+Click-to-Run+Licensing+Component&a[]=Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration&a[]=Adobe+Acrobat+%2864-bit%29&a[]=Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532&a[]=Google+Chrome&a[]=Microsoft+Edge&a[]=Microsoft+Edge+Update&a[]=Microsoft+Edge+WebView2+Runtime&a[]=Java+Auto+Updater&a[]=Java+8+Update+381&a[]=Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532&a[]=Office+16+Click-to-Run+Extensibility+ComponentPcAppStore.exesoft\\Windows NT\\CurrentVersionPC App Storenstaller&evt_action=donepsfoion=AppParamMicrosoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=106&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=DTHP5B&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=PSPH2KM7 SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000OKst_parent=soft\Windows\CurrentVersion\UninstallFast Corporate Ltd.0AB-CDDEEFAABBCC00000000-0000-0000-0000-000000000000id=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376
Source: PcAppStore.exe, 00000016.00000003.2759130029.0000000000A2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.
Source: nso7806.exe, 00000000.00000002.2734427684.000000000074D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=systeminfo&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=106&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DTHP5B&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=PSPH2KM7%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000"
Source: explorer.exe, 00000015.00000003.2979070364.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RoamingCom
Source: PcAppStore.exe, 00000016.00000003.2759130029.0000000000A2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductLMGW9W4D802742-3099-9C0E-C19B-2A23EA1FC420VMware, Inc.Noney*
Source: explorer.exe, 00000015.00000000.2707576749.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: PcAppStore.exe, 00000016.00000003.2759130029.0000000000A2B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductLMGW9W4D802742-3099-9C0E-C19B-2A23EA1FC420VMware, Inc.None3
Source: nso7806.exe, 00000000.00000002.2733692241.0000000000722000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=systeminfo&os_name=Microsoft Windows 10 Pro&os_installdate=20231003105718.000000+120&os_processes=106&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=DTHP5B&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=PSPH2KM7 SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: nso7806.exe, 00000000.00000002.2736691741.0000000005931000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.2718167546.000000000978C000.00000004.00000001.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000003.2759331113.0000000000A62000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000002.2760124021.0000000000A1A000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000002.2760434638.0000000000A65000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000003.2759130029.0000000000A54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: nso7806.exe, 00000000.00000002.2734427684.000000000074D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.u
Source: explorer.exe, 00000015.00000000.2711562397.00000000073E5000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000015.00000003.2979070364.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: explorer.exe, 00000015.00000003.2979070364.00000000097F3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000015.00000000.2718167546.000000000973C000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWws
Source: explorer.exe, 00000015.00000000.2732876404.000000000C4CE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000015.00000000.2718167546.0000000009605000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
Source: explorer.exe, 00000015.00000000.2707576749.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000W
Source: explorer.exe, 00000015.00000000.2732876404.000000000C4CE000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56;
Source: explorer.exe, 00000015.00000003.2979070364.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}lnkramW6
Source: PcAppStore.exe, 00000016.00000002.2760286583.0000000000A54000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 00000016.00000003.2759130029.0000000000A54000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
Source: nso7806.exe, 00000000.00000002.2733692241.0000000000722000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://pcapp.store/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=systeminfo&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=106&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DTHP5B&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=PSPH2KM7%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: explorer.exe, 00000015.00000000.2707576749.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000015.00000000.2707576749.0000000000D99000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\nso7806.exeAPI call chain: ExitProcess graph end nodegraph_0-3489
Source: C:\Users\user\Desktop\nso7806.exeProcess information queried: ProcessInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327131B4 rdtsc 24_2_00007FF7327131B4
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D34043 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00D34043
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00C30EE0 GetErrorInfo,SysFreeString,SysStringLen,LoadLibraryW,GetProcAddress,GetErrorInfo,GetProcessHeap,HeapFree,SysFreeString,SetErrorInfo,SetErrorInfo,22_2_00C30EE0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00C30AF0 FormatMessageW,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,22_2_00C30AF0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D34043 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00D34043
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D2FC58 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_00D2FC58
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D2FF1E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_00D2FF1E
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327FC436 GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,GetLastError,24_2_00007FF7327FC436
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73286B424 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,24_2_00007FF73286B424
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF73289776C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,24_2_00007FF73289776C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327A7BB4 SetUnhandledExceptionFilter,24_2_00007FF7327A7BB4
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: 24_2_00007FF7327A6A3C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,SetProcessShutdownParameters,GetLastError,_Init_thread_header,24_2_00007FF7327A6A3C
Source: C:\Users\user\Desktop\nso7806.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376
Source: C:\Users\user\PCAppStore\PcAppStore.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" .\ui\.
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7ffd83ec9b48,0x7ffd83ec9b58,0x7ffd83ec9b68
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2080 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1705430483202943 --launch-time-ticks=5726467646 --mojo-platform-channel-handle=2868 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:1
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3716 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3500 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3956 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3968 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4060 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3524 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2Jump to behavior
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1ac,0x1b0,0x1b4,0x184,0x1b8,0x7ff732901da0,0x7ff732901db0,0x7ff732901dc0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe c:\users\user\pcappstore\nwjs\nw_store.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\pc_app_store\user data\crashpad" "--metrics-dir=c:\users\user\appdata\local\pc_app_store\user data" --annotation=plat=win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7ffd83ec9b48,0x7ffd83ec9b58,0x7ffd83ec9b68
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe c:\users\user\pcappstore\nwjs\nw_store.exe --type=crashpad-handler "--user-data-dir=c:\users\user\appdata\local\pc_app_store\user data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\local\pc_app_store\user data\crashpad" --annotation=plat=win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1ac,0x1b0,0x1b4,0x184,0x1b8,0x7ff732901da0,0x7ff732901db0,0x7ff732901dc0
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=gpu-process --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1660 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2080 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=renderer --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=c:\users\user\pcappstore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1705430483202943 --launch-time-ticks=5726467646 --mojo-platform-channel-handle=2868 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:1
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.processormetrics --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3716 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.utilwin --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.utilwin --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3500 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.utilwin --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3956 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.utilwin --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3968 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=utility --utility-sub-type=chrome.mojom.utilwin --lang=en-gb --service-sandbox-type=none --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4060 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeProcess created: C:\Users\user\PCAppStore\nwjs\NW_store.exe "c:\users\user\pcappstore\nwjs\nw_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="c:\users\user\appdata\local\pc_app_store\user data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=3524 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2
Source: explorer.exe, 00000015.00000000.2708435355.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
Source: explorer.exe, 00000015.00000000.2711053615.00000000048E0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.2708435355.00000000013A0000.00000002.00000001.00040000.00000000.sdmp, PcAppStore.exeBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000015.00000000.2708435355.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: explorer.exe, 00000015.00000000.2707576749.0000000000D69000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: +Progman
Source: explorer.exe, 00000015.00000000.2708435355.00000000013A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: explorer.exe, 00000015.00000000.2723601174.00000000098AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2979070364.00000000098AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd31A
Source: nso7806.exe, 00000000.00000002.2734867389.000000000282F000.00000004.00000020.00020000.00000000.sdmp, PcAppStore.exe, 0000000C.00000000.2635519762.0000000000D66000.00000002.00000001.01000000.00000010.sdmp, PcAppStore.exe, 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: CaptionDeviceIDNW_store.exehttps://search.pcapp.store/r.html?q=%ws&br=%ws&en=%ws&guid=%ws&end_v=%wsNWidgetShell_TrayWndTrayNotifyWndTrayButtonIAppVisibility+IsLauncherVisibleproductnotify_widget_shownotify_widget_hide%ws\download\%wsopenexec_cmdwnd_name=%s&state=%ws&exec_code=%d&cmd=%wssuccesserrorSoftware\Microsoft\Windows\CurrentVersion\Themes\PersonalizeSoftware\Microsoft\Windows\DWMColorizationColorColorPrevalenceEnableTransparencySystemUsesLightThemetheme_parameter
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: 22_2_00D2F915 cpuid 22_2_00D2F915
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,22_2_00D541B0
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,22_2_00D54165
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,22_2_00D542D6
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,22_2_00D5424B
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoW,22_2_00D54529
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoEx,22_2_00D2E6B8
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,22_2_00D54652
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoW,22_2_00D54758
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,22_2_00D5482E
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoEx,FormatMessageA,22_2_00D1CDA7
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: EnumSystemLocalesW,22_2_00D49027
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetLocaleInfoW,22_2_00D495EA
Source: C:\Users\user\PCAppStore\PcAppStore.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,22_2_00D53EB9
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: EnumSystemLocalesW,24_2_00007FF73289B1F4
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,24_2_00007FF73289B7B8
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: EnumSystemLocalesW,24_2_00007FF73289B51C
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: EnumSystemLocalesW,24_2_00007FF732896704
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: GetLocaleInfoW,24_2_00007FF732895ED4
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,24_2_00007FF73289AEF4
Source: C:\Users\user\Desktop\nso7806.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\favicon-32x32.png VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\7a36ee2ead7916f6_0 VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\static\js\2.686641f0.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\static\js\main.63c3830c.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\static\js\2.686641f0.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\static\js\main.63c3830c.chunk.bin VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\AppData\Roaming\PCAppStore\Data\assets\images VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051021~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051021~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0510~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Multimedia-MFCore-WCOSHeadless-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0515~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package051020~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0517~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05112~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0511~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0518~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Office-ClickToRun-39D4F9E5-695B-46C1-A26C-5CA55C23376D-stream.x86.x-none.dat.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PhotoBasic-Feature-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Media-Streaming-merged-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0311~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~amd64~~10.0.19041.746.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EnterpriseClientSync-Host-Opt-Package~31bf3856ad364e35~amd64~~10.0.19041.1645.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0512~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-OfflineFiles-UI-Package~31bf3856ad364e35~amd64~~10.0.19041.1.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-FCI-Client-Package~31bf3856ad364e35~amd64~~10.0.19041.1645.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package04~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package05~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0511~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0518~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package05113~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exeQueries volume information: C:\Users\user\PCAppStore\ui\package.json VolumeInformation
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe Code function: 24_2_00007FF732818F56 VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,CreateNamedPipeW,24_2_00007FF732818F56
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 22_2_00D1D046 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,22_2_00D1D046
Source: C:\Users\user\PCAppStore\PcAppStore.exe Code function: 22_2_00D4E2BC GetTimeZoneInformation,22_2_00D4E2BC
Source: C:\Users\user\Desktop\nso7806.exe Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\nso7806.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Desktop\nso7806.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Desktop\nso7806.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Stealing of Sensitive Information

Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe File opened: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\History
Source: C:\Users\user\PCAppStore\nwjs\NW_store.exe File opened: C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Network\Cookies
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
Valid Accounts | 241 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | 1 System Shutdown/Reboot | Acquire Infrastructure | Gather Victim Identity Information
Default Accounts | 2 Native API | 2 DLL Search Order Hijacking | 2 DLL Search Order Hijacking | 2 Obfuscated Files or Information | 11 Input Capture | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials
Domain Accounts | 12 Command and Scripting Interpreter | 1 Windows Service | 1 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 168 System Information Discovery | SMB/Windows Admin Shares | 11 Input Capture | Automated Exfiltration | 3 Non-Application Layer Protocol | | | Data Encrypted for Impact | DNS Server | Email Addresses
Local Accounts | Cron | 111 Registry Run Keys / Startup Folder | 1 Windows Service | 2 DLL Search Order Hijacking | NTDS | 1 Query Registry | Distributed Component Object Model | 1 Clipboard Data | Traffic Duplication | 4 Application Layer Protocol | | | Data Destruction | Virtual Private Server | Employee Names
Cloud Accounts | Launchd | Network Logon Script | 13 Process Injection | 13 Masquerading | LSA Secrets | 361 Security Software Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels | | | Data Encrypted for Impact | Server | Gather Victim Network Information
Replication Through Removable Media | Scheduled Task | RC Scripts | 111 Registry Run Keys / Startup Folder | 23 Virtualization/Sandbox Evasion | Cached Domain Credentials | 23 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | | | Service Stop | Botnet | Domain Properties
External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over C2 Channel | Commonly Used Port | | | Inhibit System Recovery | Web Services | DNS
Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 13 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Exfiltration Over Alternative Protocol | Application Layer Protocol | | | Defacement | Serverless | Network Trust Dependencies
Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Direct Cloud VM Connections | Data Staged | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Web Protocols | | | Internal Defacement | Malvertising | Network Topology

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
[Behavior graph: ID 1375666, Sample: nso7806.exe, Start date: 16/01/2024, Architecture: WINDOWS, Score: 42]

Source | Detection | Scanner | Label | Link
nso7806.exe | 38% | ReversingLabs | Win32.PUA.PCAppStore |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\NSISFastLib.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\inetc.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\nsDialogs.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\AutoUpdater.exe | 50% | ReversingLabs | Win32.Trojan.PCAppStore |
C:\Users\user\PCAppStore\PcAppStore.exe | 42% | ReversingLabs | Win32.Trojan.PCAppStore |
C:\Users\user\PCAppStore\Uninstaller.exe | 26% | ReversingLabs | Win32.Trojan.PCAppStore |
C:\Users\user\PCAppStore\nwjs\NW_store.exe | 4% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\node.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\notification_helper.exe | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\nw.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\nw_elf.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\swiftshader\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\swiftshader\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\PCAppStore\nwjs\vulkan-1.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
                                NameMaliciousAntivirus DetectionReputation
                                https://pcapp.store/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BPackageCode%5D=%7B7AFC3050-A586-449A-A13B-319B7628DABA%7D&software%5B0%5D%5BPackageName%5D=C2RInt64.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20056&software%5B0%5D%5Bid%5D=2876741644&software%5B1%5D=C2RInt64.16.msi&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B3%5D=16.0.16827.20056&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B3%5D=16.0.16827.20056&software%5B4%5D=2876741644&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B6%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B6%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B7%5D=%7B90160000-008F-0000-1000-0000000FF1CE%7D&eng_time=1705441703829&nocache=5785125false
                                • Avira URL Cloud: safe
                                unknown
                                https://pcapp.store/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BPackageCode%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B0%5D%5BPackageName%5D=C2RInt.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=1760269214&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B4%5D=Microsoft%20Corporation&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B4%5D=Microsoft%20Corporation&software%5B5%5D=16.0.16827.20130&eng_time=1705441703825&nocache=5773515false
                                • Avira URL Cloud: safe
                                unknown
                                https://pcapp.store/lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1681303948561false
                                • Avira URL Cloud: safe
                                unknown
                                https://pcapp.store/pixel.gif?evt_src=main_window&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242453&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36false
                                • Avira URL Cloud: safe
                                unknown
                                https://pcapp.store/pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Java%20Auto%20Updater&software%5B0%5D%5BDescription%5D=Java%20Auto%20Updater&software%5B0%5D%5BIdentifyingNumber%5D=%7B4A03706F-666A-4037-7777-5F2748764D10%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B0%5D%5BName%5D=Java%20Auto%20Updater&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B0%5D%5BPackageCode%5D=%7B4ABE9B71-B1DF-4AD5-BF73-63598CF20A23%7D&software%5B0%5D%5BPackageName%5D=au.msi&software%5B0%5D%5BVendor%5D=Oracle%20Corporation&software%5B0%5D%5BVersion%5D=2.8.381.9&software%5B0%5D%5Bid%5D=1988474201&software%5B1%5D=2.8.381.9&software%5B1%5D=2.8.381.9&software%5B2%5D=1988474201&eng_time=1705441703855&nocache=5854671false
                                • Avira URL Cloud: safe
                                unknown
                                https://pcapp.store/pixelgif.phpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://clients2.google.com/time/1/current?cup2key=6:57jlf0ciYHqeU_Hacg3XzU-QylWI_b_ISA7Aq_fdSMw&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855false
                                  high
                                  https://pcapp.store/pixel.gif?evt_src=fa_menu_store&evt_action=close&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436259333&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36false
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://pcapp.store/pixel.gif?evt_src=fa_offer&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242447&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36false
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://clients2.google.com/time/1/current?cup2key=6:Is_UYFhgHr7nBlZM7FMVfvkTTIRi7n2lv-_w71TZDdo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855false
                                    high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  https://www.rfc-editor.org/rfc/rfc9110#section-5.2NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA700502000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://github.com/nodejs/node/pull/30380#issuecomment-552948364NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700442000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700442000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setintervalNW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700482000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700482000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://heycam.github.io/webidl/#dfn-class-stringNW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://heycam.github.io/webidl/#dfn-iterator-prototype-objectNW_store.exe, 00000014.00000003.2943267963.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA700902000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2980911393.00003BA7006E6000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831504667.00003BA700042000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        unknown
                                                                                                                                        https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=157707111329&cr_id=678172866863&cv_id=0&format=$chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://chrome.google.com/webstore/category/extensionsnso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/nodejs/node/pull/38614)NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838308603.00003BA7003C0000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2943267963.00003BA700402000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://issuetracker.google.com/issues/166475273CIENW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156786411258&cr_id=681164326060&cv_id=0&format=$chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://passwords.google.comTnso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://github.com/nodejs/node/pull/32887NW_store.exe, 00000014.00000003.2838308603.00003BA700302000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2831553491.00003BA700682000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=156786411258&cr_id=681120453309&cv_id=0&format=$chrome.exe, 00000005.00000003.2985310205.00001730038C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://pcapp.store/fa_version.php?guid=%ws&end_v=%ws&nocache=%du_temp_eventhttps://pcapp.store/fa_vnso7806.exe, 00000000.00000002.2734867389.0000000002C4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-objectNW_store.exe, 00000014.00000003.2944708569.00003BA700382000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA7003A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://github.com/nodejs/node/issues/19009NW_store.exe, 00000014.00000003.2943267963.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2830124075.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2984961851.00003BA700689000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2835771245.00003BA7006C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMhz-darkexplorer.exe, 00000015.00000000.2711562397.00000000073E5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://issuetracker.google.com/166809097NW_store.exe, 0000000D.00000003.2673113030.00000235A9074000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://tc39.github.io/ecma262/#sec-%typedarray%.ofNW_store.exe, 00000014.00000003.2982876370.00003BA700362000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2944708569.00003BA700482000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2838895585.00003BA700440000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2941659231.00003BA700482000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://bugs.chromium.org/p/v8/issues/detail?id=10201NW_store.exe, 00000014.00000003.2835771245.00003BA700682000.00000004.00001000.00020000.00000000.sdmp, NW_store.exe, 00000014.00000003.2837191851.00003BA700502000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
Joe Sandbox version: 38.0.0 Ammolite
Analysis ID: 1375666
Start date and time: 2024-01-16 21:15:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 14m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 39
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: nso7806.exe (renamed because original name is a hash value)
Original Sample Name: nso7806.tmp
Detection: MAL
Classification: mal42.spyw.evad.winEXE@60/382@38/22
EGA Information:
• Successful, ratio: 50%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 142.250.80.67, 34.104.35.123, 172.217.165.138, 142.250.80.35, 142.250.80.8, 192.229.211.108, 23.206.121.21, 142.250.64.99
                                                                                                                                                              • Excluded domains from analysis (whitelisted): fp.msedge.net, client.wns.windows.com, fonts.googleapis.com, fs.microsoft.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, www.googletagmanager.com, update.googleapis.com
                                                                                                                                                              • Execution Graph export aborted for target NW_store.exe, PID 3196 because there are no executed function
                                                                                                                                                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                              • VT rate limit hit for: nso7806.exe
Time      Type             Description
21:16:45  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PCApp "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
21:16:53  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PCApp "C:\Users\user\PCAppStore\PcAppStore.exe" /init default
21:17:19  API Interceptor  1873x Sleep call for process: PcAppStore.exe modified
21:17:24  Task Scheduler   Run new task: PCAppStoreAutoUpdater path: "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
21:17:26  Autostart        Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run PCAppStoreAutoUpdater "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
21:17:34  Autostart        Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run PCAppStoreAutoUpdater "C:\Users\user\PCAppStore\AutoUpdater.exe" /i
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            LoaderV2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            SecuriteInfo.com.Trojan.DownloaderNET.262.31424.12250.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                            SecuriteInfo.com.Variant.Barys.382335.17800.17827.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                            z43FAC98656700.CMD.exeGet hashmaliciousRemcosBrowse
                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                            EpsilonBeta.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            phish_alert_iocp_v1.4.48 (14).emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            ISO Certificate_pdf.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            www.google.cahttps://prezi.com/i/7zyo60qgyymr/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 142.250.80.67
                                                                                                                                                                                                                                                            https://d2-d7j04.eu1.hubspotlinks.com/Ctc/2N+113/d2-D7j04/MWWYTt5r4sNW32YxhD1TbJDJW3mxgk358lJ2BN4xH9dl3m2ndW6N1vHY6lZ3m3W66fnLs3LLYk8W74gfcW53cZCXW6wgLTk8kF42rW8wsQZM4t-GV4W5Qc7nw3MkfTkW2pBGV754QLSTW6h3n8V48rzB6N8Gf9MJKbNhqW352xxk4F2L28W2MvPXf3x5Dq5W2lM50W5qF01zW82V4v71q-3mKW92ZRmc4RJdxVW5nXbl18hQnlMW98mk0L7xfcxgW5c-jDJ2c0Fc6VLWXcs3CD8PJW857csp55FM5JVBvGfj7XxxsJW2ml1WY52LK2BN8607QMSkJcfW3H5d771dqxwHf5fkHSP04Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.250.72.99
                                                                                                                                                                                                                                                            https://www.canva.com/link?target=https%3A%2F%2Fez1di49uo4cj-1323563947.cos.na-ashburn.myqcloud.com%2Fez1di49uo4cj.html&design=DAF6DQKWx4YGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.251.40.99
                                                                                                                                                                                                                                                            http://t.ocmhood.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.251.35.163
                                                                                                                                                                                                                                                            http://pdfixers.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.251.40.99
                                                                                                                                                                                                                                                            http://url3948.rickhansen.com/ls/click?upn=mt-2BpP9XKXFpxyT-2BZ8LvZwhP2KGeLZ9ZHoGM7uEXarEHM-2F4pH7vF2AroIc8w3vogP7DCA23QFNJ-2FS5tN-2Boa7BLH6SFVy7yF-2FVVVe5ikUK79Un8TU-2BZEFJGaplFzK-2FxyWqS4KvVOjdYJwOmiJt4ruIx8u4WomIrwyj2GGANB3v-2BFU-3Dj7nI_BgO-2FprwtGDPWtmrD4vx2xz4oCnshrwZk15-2Bo65e53G8v781drlMU7eZysSj-2F2IkpdVlaNqXHBqo9jNpHNdlchXOSi4ldDUQd8zIkjqZSyOTOe8KQT-2Bg5bnI6I85b7QbMLnYqxsXkIfeAVS9G7v4rJL-2FoQxwfoJUD2Tlfkr7AnfSLwyl6Iy7ZVSAweeaPjBRhgfbxmEeOMLu5EMv825k9Gw-3D-3DGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.250.81.227
                                                                                                                                                                                                                                                            https://xtiles.app/65a66d9cda6e3835bdb30233Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 142.250.80.35
                                                                                                                                                                                                                                                            https://2024-a829ac.webflow.io/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.250.80.35
                                                                                                                                                                                                                                                            https://join.webinar.net/Bz9x25deK4Z?l=am9hbi5jaHVybGV5QHVtYW5pdG9iYS5jYQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.251.40.99
                                                                                                                                                                                                                                                            http://levels.fyiGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 142.251.41.3
                                                                                                                                                                                                                                                            http://www.panda-me.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.251.40.99
                                                                                                                                                                                                                                                            https://sms.ansifact.co.zw/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 142.250.203.99
                                                                                                                                                                                                                                                            http://eulerian.officiel-des-vacances.com/dynclick/officiel-vacances/?eml-publisher=MREL&eml-name=mindbaz_retargeting_m4&eml-ctype=CTYPE&eemail=958c5e006c0d43c2ae3f77f528032e88&eurl=https://tagautogr984897p.com/pm.html?e=d2lsbGlhbS53aWxkZXJAc3dpc3Nsb2cuY29tGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.217.16.195
                                                                                                                                                                                                                                                            http://x72yn.mjt.lu/lnk/AWcAABW-xvwAAAAKZ-IAAEnlHgsAAAAAPMQAAc1fABcuOwBkPWbZXN63Py0eRG-g1-iaOfgjBAAWw2E/2/bYIKdJU7gX7sRX2XiNxJvw/aHR0cHM6Ly9pbmRlZWQuc3BlY3RydW1saWdodGluZ3RlY2gub3JnLz9tYWlsPXRydWUmSDRzSUFBQUFBQUFBQUUyTXl3ckNNQlJFZjBYdVdwcTZzd1VSNlZLb202cExxY21saWMyTDVBWXBwZjl1aWk1Y3pzeVpNME9DR2lTUmp6VmpUNlcxc2tPaHJFQVVCWGVHLVg0eWFNa2dTU2NZQ2tWSHFROW9IODBKdG1DZ25vRnJ4Y2RPQnBjR21XVVVFdWJwMjA0ZWMzVlQtTjc4NUp1WWpPbkRsQkhmaDZ6dXhreXN5VVZxX2s3WDl0eGU3bTFlYUNWMnc4dkppbU1sVTRyN3NvUmwtUUFmUW5sNnZRQUFBQS81YmYyUnZJWUFvMjVnX095NDR2VEVfbExsZS12N2k4Y1FhYXNpMGxKR1ZrGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 216.58.209.35
                                                                                                                                                                                                                                                            ffe39579163c231521098435348019227cca339b735ef.exeGet hashmaliciousRaccoon RedLine SmokeLoader Tofsee VidarBrowse
                                                                                                                                                                                                                                                            • 172.217.168.67
                                                                                                                                                                                                                                                            jpLE7j0Z6t.exeGet hashmaliciousRaccoon RedLine SmokeLoader Tofsee VidarBrowse
                                                                                                                                                                                                                                                            • 172.217.168.67
                                                                                                                                                                                                                                                            SecuriteInfo.com.Trojan.Win32.Save.a.19067.exeGet hashmaliciousTofsee XmrigBrowse
                                                                                                                                                                                                                                                            • 142.250.186.131
                                                                                                                                                                                                                                                            lrnHH6LHW3.exeGet hashmaliciousRaccoon RedLine SmokeLoader Tofsee VidarBrowse
                                                                                                                                                                                                                                                            • 142.250.186.131
                                                                                                                                                                                                                                                            RyGaFxV75v.exeGet hashmaliciousRaccoon RedLine SmokeLoader Tofsee XmrigBrowse
                                                                                                                                                                                                                                                            • 142.250.186.131
                                                                                                                                                                                                                                                            k2vbB70cV7.exeGet hashmaliciousRaccoon RedLine SmokeLoader Tofsee XmrigBrowse
                                                                                                                                                                                                                                                            • 142.250.186.131
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                            • 165.22.79.95
                                                                                                                                                                                                                                                            https://xtiles.app/65a66d9cda6e3835bdb30233Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 185.14.184.154
                                                                                                                                                                                                                                                            http://fltx.slotvip.info/4iQyKf2889LAru273issvfoqenp14030ZXSSZOMWDBNPYRG2894UBBC8832i12Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 45.55.126.207
                                                                                                                                                                                                                                                            http://levels.fyiGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.248.10.131
                                                                                                                                                                                                                                                            rSPAREPARTSLISTS.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                                                                                                                            • 159.203.76.80
                                                                                                                                                                                                                                                            vRngJnoGJU.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, PureLog Stealer, SmokeLoader, VidarBrowse
                                                                                                                                                                                                                                                            • 165.227.74.234
                                                                                                                                                                                                                                                            toolspub2.exeGet hashmaliciousLummaC, Djvu, PureLog Stealer, SmokeLoader, zgRATBrowse
                                                                                                                                                                                                                                                            • 165.227.74.234
                                                                                                                                                                                                                                                            CbHvTrpv0C.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                            • 157.245.211.185
                                                                                                                                                                                                                                                            https://s3.amazonaws.com/new-customer-offer-rewards/alex/new.html#cl/15189_md/9/2856/2079/58/4491044Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 167.71.30.39
                                                                                                                                                                                                                                                            https://s3.amazonaws.com/new-customer-offer-rewards/alex/new.html#cl/15165_md/9/2856/2079/58/3220974Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 167.71.30.39
                                                                                                                                                                                                                                                            https://url7923.marsello.io/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui9EYZtRwTAy-2FanEqeT7KFITIPxx3CQ-2Bz-2BT1Wn5ebq2tm1sqE6eg2vD5bCaw4Eaq12UPLgBQ3WUTnbV1hsazi5zCyedkzJeBlUoZIBUmYBsGC4_u-_zn392oq3WCbQR9pQOrSlN3JYr1eawUW29DwOmXQDFEKvXTscqRwDY-2FgKnWU8V7NzSsBCCcv9uzK4FKXWSalTgA6HlLAwSKlyolcXDeTD8LEQ7mdopD8llLKllNkC2h7zzqCRfd2DQLN8PR-2F7lvx5hK-2FJfD0nHGrU4GI95ZbhqlYGQx9azw9xBBImh-2BlkjCO6MecBq6Nf-2FFLma3nmEca120NygSqiRlNAPjGwA6Y0RZLFGsGlUdNUWAWxC88r05sDuQqLf1gKdACVv0l-2FiwGEn37bF-2F0xN4dCHeMJYkHB-2FHSM-2FAX3VvmX9ddUw17fmZDeGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 165.22.79.95
                                                                                                                                                                                                                                                            http://i.fluffy.ccGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 138.197.61.175
                                                                                                                                                                                                                                                            aFMLh8KqSd.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                                                                                                                                                                                                                                                            • 165.227.74.234
                                                                                                                                                                                                                                                            huhu.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                            • 157.245.182.69
                                                                                                                                                                                                                                                            http://cloud-kingl.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 64.225.91.73
                                                                                                                                                                                                                                                            https://filf.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 134.122.57.34
                                                                                                                                                                                                                                                            https://yhz.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 64.227.64.62
                                                                                                                                                                                                                                                            yonariVpu7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                            • 157.230.24.172
                                                                                                                                                                                                                                                            skyljne.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                            • 134.123.157.238
                                                                                                                                                                                                                                                            12f075PPCr.exeGet hashmaliciousLummaC, Petite Virus, RedLine, SmokeLoader, StealcBrowse
                                                                                                                                                                                                                                                            • 95.85.16.212
                                                                                                                                                                                                                                                            CLOUDFLARENETUShttps://login.naipinnacle.com/bNTgxgwwGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                                                                                                                                                                                                                            • 104.19.219.90
                                                                                                                                                                                                                                                            https://prezi.com/i/7zyo60qgyymr/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.16.77.186
                                                                                                                                                                                                                                                            https://d2-d7j04.eu1.hubspotlinks.com/Ctc/2N+113/d2-D7j04/MWWYTt5r4sNW32YxhD1TbJDJW3mxgk358lJ2BN4xH9dl3m2ndW6N1vHY6lZ3m3W66fnLs3LLYk8W74gfcW53cZCXW6wgLTk8kF42rW8wsQZM4t-GV4W5Qc7nw3MkfTkW2pBGV754QLSTW6h3n8V48rzB6N8Gf9MJKbNhqW352xxk4F2L28W2MvPXf3x5Dq5W2lM50W5qF01zW82V4v71q-3mKW92ZRmc4RJdxVW5nXbl18hQnlMW98mk0L7xfcxgW5c-jDJ2c0Fc6VLWXcs3CD8PJW857csp55FM5JVBvGfj7XxxsJW2ml1WY52LK2BN8607QMSkJcfW3H5d771dqxwHf5fkHSP04Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 104.16.126.175
                                                                                                                                                                                                                                                            3456.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.17.25.14
                                                                                                                                                                                                                                                            https://campaigns-events.cmh-1.onpdr.com/track/link/p0ob8k5w5d/89ii6oqvopu369ejvuk00avz5/e6l9ywdn8m#m24d3ccllFpr8J7fl1Diio2WMKpupSmABVS0EYtKTxmQWHS5xCCOMMYWxlamFuZHJhLmFsbWFuemFyQHNlYWJvYXJkbWFyaW5lLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.153.250
                                                                                                                                                                                                                                                            https://na4.docusign.net/Signing/EmailStart.aspx?a=69b69584-2529-4874-a092-99ccea2e8828&acct=40a75b43-5895-4154-9907-4db77387e830&er=adcde352-e91b-46a1-9fc1-721d56368a24Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 1.1.1.1
                                                                                                                                                                                                                                                            invoice-822243001366.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 1.1.1.1
                                                                                                                                                                                                                                                            https://www.bleckt.com/bitrix/redirect.php?event1&event2&event3&goto=https://porekel.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.17.2.184
                                                                                                                                                                                                                                                            https://porekel.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.17.2.184
                                                                                                                                                                                                                                                            https://www.canva.com/link?target=https%3A%2F%2Fez1di49uo4cj-1323563947.cos.na-ashburn.myqcloud.com%2Fez1di49uo4cj.html&design=DAF6DQKWx4YGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 104.17.239.159
                                                                                                                                                                                                                                                            QxYl4BkdyW.exeGet hashmaliciousDCRat, zgRATBrowse
                                                                                                                                                                                                                                                            • 172.67.178.175
                                                                                                                                                                                                                                                            out.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 162.159.134.233
                                                                                                                                                                                                                                                            https://gahidaj.r.af.d.sendibt2.com/tr/cl/mckMFSiQ3mGmWHH04dZpYMyiod5Fomr70EPz7YkxQTuEZZicLHavdDfAmZ8_SJAvr1BbuN324VChAOMGW3RacqA2NHfJmHN1e1xU5n14z7QH_pKswLz_HBmweqnJzrvY9zkpJvedtV3mbwdZqVPHofrE2g2rctyVSlFzMFZdaRnPhgcn_GYV_zwvA1VcdMiqUHyhoh-o3IavjYfWZQkvRYfH5bvzpq_PHPrnRVG33K50Evd5yUXxk4aHSWJrgD_JRMF6Vue7pXObY1AZWSdZ1glAvU2ohTQZfkwJJ5kgpvHJsxdzF276p9BsM6gCnwNI77biaLQQdEyFwJbzdwQJ1XTOS7TQdGOKqiGX-c_HTRVBY2L8psHX8ITeagn0Ye51_H4Luwgx7nMtoXjQa5mxAMWFNCNlWCXG3tiuYjqZdI4prsdUMX9SPBJj8HqdYkhGqsICsXbRT_y97fAZSrDT7RaTvFi3XoIE03AXJ5ciSKAO5XL1_yRjzHlmabUr-69QAxifC5SZscyJN-0rLbQ81K62t0AtIL7zMJrB1SdBYboHdzaUfcCmSMZKVDt_cbE5Ndjwfffu7KHyUOs1pdr_tgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.17.2.184
                                                                                                                                                                                                                                                            out.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 162.159.135.233
                                                                                                                                                                                                                                                            http://cdqv.lambevip.site/4vywRe2910cNYr364eiqjrxibvf14478CJLTWCQKBRVUFHM234008XTXI8858k18Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 104.21.28.86
                                                                                                                                                                                                                                                            https://t.co/XpDMy6IyeqGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.17.2.184
                                                                                                                                                                                                                                                            http://url2969.emails.church/ls/click?upn=XK4oo68R2SZZ95GJ624n1tbmv2Rhlrx4Pk7zRIUM0x7-2B9RfJoni0s-2BEE3QXWko4ZLqza_EkRkegmYzM7dalXjFusseqadGdfaoAC-2BOtcKPorBK3in47EpmxWmVRJS-2BSKo-2FxHw3zBJf4TjM2QylO7cbZkpoie3LsLb0B1xs4ORSEPBhGrtx1xiXMMv1Qi6jpJmV-2FApRRk42-2FS9oama-2B0BV6z-2BEV8n4mBARIrx6JBdh4GkAKYC4nt31BsrjWOZ61IlfTHTQpaUvStl1TbEn5eo3sQKs4qA0-2FKDpwpbGPmGqDEoniSWkDJrpPASVhTNF4l7qkIE7btcCfKFyrCjZpaNs8845zw-3D-3DGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.21.2.5
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousHTMLPhisher, Fabookie, Glupteba, GuLoader, StealcBrowse
                                                                                                                                                                                                                                                            • 104.20.67.143
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                            • 172.67.171.190
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousHTMLPhisher, Fabookie, Glupteba, StealcBrowse
                                                                                                                                                                                                                                                            • 172.67.169.89
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://r20.rs6.net/tn.jsp?f=001Z6HyAbG-j1DszeWP1WtSvABz3o5TJ8YhbVIhOts9sw-6Mlb-S0F8_gqk9B2DbApI7AFX_nyqsPzx5RzxXfj0Zqu_t3X7wn_eeRdjp4NlAI3qzmxYHFoOG0s7QuE65AANbk20SU7NSMe3En0z7YMvljFGz58N9Yhuy5ywlLnWW3o=&c=&ch=&__=/xNdQR/anNodXJ0bGVmZkBkc2kudXM=Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            SecuriteInfo.com.W32.Injuke.BM.gen.Eldorado.5623.27861.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            http://fltx.slotvip.info/4iQyKf2889LAru273issvfoqenp14030ZXSSZOMWDBNPYRG2894UBBC8832i12Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://camdenblackcreatives.org/dnv/imagens.aereas@aan.ptGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            http://agoda.onelink.me/1640755593?pid=Email&c=inquiry_booking&af_dp=agoda%3A%2F%2Fhotel%2FAgoda%2520ABS%2520Dummy%2F2544216%26temp%3D0&adults=2&children=0&rooms=1&checkIn=2022-02-17&checkOut=2022-02-20&los=3&cid=1772772&af_force_dp=true&af_r=//compramas.com.bo/facebook.com/6l0mngKPHS/YWNjb3VudHNAaHlwZXJvcHRpYy5jb20=Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://cenlighting.co.uk/map?911adGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://padlet.com/Alliance00001/project-proposal-document-a2elxmf49flbrj02Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://dgfip-finances-gouv-fr.webgovimpot.com/connect/fr/cb4d4/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://www.google.com/url?hl=en&q=https://google.com/url?sa%3Dt%26q%3DK%26rct%3Dr%26esrc%3Dyil%26source%3Dweb%26cd%3DTZY%26cad%3DV060N%26ved%3DeFibKjF1LjOn%26uact%3D75%26url%3D%2561%256D%2570%252F%2574%2569%256E%2579%2575%2572%256C%252E%2563%256F%256D%252F%2532%2534%2533%2568%2576%2561%2538%2578%26opi%3D277022106306%26usg%3Dmcxa10wP7nCyX&source=gmail&ust=1705478797125000&usg=AOvVaw151ZR-_npJv54hK5v10r1lGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            Payment_Advice_HSBC#40987650.pdf_.jsGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            28a2c9bd18a11de089ef85a160da29e4https://login.naipinnacle.com/bNTgxgwwGet hashmaliciousHTMLPhisher, ReCaptcha PhishBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://d2-d7j04.eu1.hubspotlinks.com/Ctc/2N+113/d2-D7j04/MWWYTt5r4sNW32YxhD1TbJDJW3mxgk358lJ2BN4xH9dl3m2ndW6N1vHY6lZ3m3W66fnLs3LLYk8W74gfcW53cZCXW6wgLTk8kF42rW8wsQZM4t-GV4W5Qc7nw3MkfTkW2pBGV754QLSTW6h3n8V48rzB6N8Gf9MJKbNhqW352xxk4F2L28W2MvPXf3x5Dq5W2lM50W5qF01zW82V4v71q-3mKW92ZRmc4RJdxVW5nXbl18hQnlMW98mk0L7xfcxgW5c-jDJ2c0Fc6VLWXcs3CD8PJW857csp55FM5JVBvGfj7XxxsJW2ml1WY52LK2BN8607QMSkJcfW3H5d771dqxwHf5fkHSP04Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://tsmtpclick.com/unsub/qaR9ZGt1BQH2AQtlAmNlZmVmAmRlZPbGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            3456.htmGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            http://www.alulike.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://campaigns-events.cmh-1.onpdr.com/track/link/p0ob8k5w5d/89ii6oqvopu369ejvuk00avz5/e6l9ywdn8m#m24d3ccllFpr8J7fl1Diio2WMKpupSmABVS0EYtKTxmQWHS5xCCOMMYWxlamFuZHJhLmFsbWFuemFyQHNlYWJvYXJkbWFyaW5lLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            Screenshot.cmdGet hashmaliciousGuLoader, XWormBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            SOA_FROM_UNIBEST.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://www.bleckt.com/bitrix/redirect.php?event1&event2&event3&goto=https://porekel.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://porekel.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://www.canva.com/link?target=https%3A%2F%2Fez1di49uo4cj-1323563947.cos.na-ashburn.myqcloud.com%2Fez1di49uo4cj.html&design=DAF6DQKWx4YGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            http://cdqv.lambevip.site/4vywRe2910cNYr364eiqjrxibvf14478CJLTWCQKBRVUFHM234008XTXI8858k18Get hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            https://t.co/XpDMy6IyeqGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
                                                                                                                                                                                                                                                            http://url2969.emails.church/ls/click?upn=XK4oo68R2SZZ95GJ624n1tbmv2Rhlrx4Pk7zRIUM0x7-2B9RfJoni0s-2BEE3QXWko4ZLqza_EkRkegmYzM7dalXjFusseqadGdfaoAC-2BOtcKPorBK3in47EpmxWmVRJS-2BSKo-2FxHw3zBJf4TjM2QylO7cbZkpoie3LsLb0B1xs4ORSEPBhGrtx1xiXMMv1Qi6jpJmV-2FApRRk42-2FS9oama-2B0BV6z-2BEV8n4mBARIrx6JBdh4GkAKYC4nt31BsrjWOZ61IlfTHTQpaUvStl1TbEn5eo3sQKs4qA0-2FKDpwpbGPmGqDEoniSWkDJrpPASVhTNF4l7qkIE7btcCfKFyrCjZpaNs8845zw-3D-3DGet hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 13.85.23.86
                                                                                                                                                                                                                                                            • 23.51.58.94
                                                                                                                                                                                                                                                            • 204.79.197.222
                                                                                                                                                                                                                                                            • 173.222.162.64
Match: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\System.dll
Associated Sample Name / URL | Detection | Threat Name
qZSULDXKfu.exe | malicious | FormBook, GuLoader
qZSULDXKfu.exe | malicious | GuLoader
JTT_4240101203000.xls | malicious | GuLoader
bookinginfor^%$#@.exe | malicious | Unknown
rSPAREPARTSLISTS.exe | malicious | FormBook, GuLoader
rSPAREPARTSLISTS.exe | malicious | GuLoader
SecuriteInfo.com.NSIS.Injector.0195.tr.9123.24053.exe | malicious | GuLoader, Lokibot
SecuriteInfo.com.NSIS.Injector.0195.tr.9123.24053.exe | malicious | GuLoader
SecuriteInfo.com.NSIS.Injector.0195.tr.1375.28345.exe | malicious | GuLoader
SecuriteInfo.com.NSIS.Injector.0195.tr.1375.28345.exe | malicious | GuLoader
PO-001.exe | malicious | AgentTesla, GuLoader
PO-001.exe | malicious | GuLoader
DHL_AWB_50_No3354087_pdf.exe | malicious | GuLoader
DHL_AWB_50_No3354087_pdf.exe | malicious | GuLoader
https://free-pdf-pro.com | malicious | Unknown
https://free-pdf-pro.com | malicious | Unknown
Setup.exe | malicious | Unknown
vDX1sR2a7h.exe | malicious | DCRat
vDX1sR2a7h.exe | malicious | DCRat
Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe | malicious | Unknown
Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:data
Category:dropped
Size (bytes):65552
Entropy (8bit):0.012352500787205218
Encrypted:false
SSDEEP:3:hvqKHllGlll/l/lXp9ZjrPBY0zl/7/llZP:0KHl0dPBY0zZlz
MD5:1B709618A1839A4ACFC6B5230D917CEA
SHA1:5C9FC133AA9353E9BCECBE8FA26B21BBA1263C25
SHA-256:16E72E90498EDB2F7548360410C7475F7B7B65A1B147BFD89C46A59EC100A353
SHA-512:2F09214611D3FF993E78E895B09E7BDD51F4A33A0B9628684C779824047DC6D2ABDB480112A2982F4D04C0346A2D6419DC51BE97EFE11865250834D64FD0F1EA
Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.5
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:R:R
                                                                                                                                                                                                                                                                                                    MD5:F49655F856ACB8884CC0ACE29216F511
                                                                                                                                                                                                                                                                                                    SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
                                                                                                                                                                                                                                                                                                    SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
                                                                                                                                                                                                                                                                                                    SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:EERF
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):65536
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.02402875510209992
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:9llZllbd2DJqojrGjLlA6maVd2sN2lLIulv0RlKelAAtt/llaia9sVQMm6En:89q0fa2sE0uaW6dtb2Hrn
                                                                                                                                                                                                                                                                                                    MD5:CD8AA958F5012FD816BEB14BC48D743F
                                                                                                                                                                                                                                                                                                    SHA1:B0FF87C9790F4F0F83716D7E361FF7B7F58B92CA
                                                                                                                                                                                                                                                                                                    SHA-256:832EEEE72AFA95F28761C45022E5B4B14772311B2F7A4CEFBB7292B7AD4615EF
                                                                                                                                                                                                                                                                                                    SHA-512:8A36E290C5AE70C1C4D51E636E16CEB4C17E52BFA2F401164177556C264C0F7DC39DCC2121EA567DC73C8E21EFC653F1C26DF0724F26C0C6E54D476842A5141D
                                                                                                                                                                                                                                                                                                    Malicious:false
Preview:................^...(....x:no.&A.e.u~+..C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.P.C.A.p.p.S.t.o.r.e.\.n.w.j.s.\.N.W._.s.t.o.r.e...e.x.e.................................(...p.DJ!.IL.....Zm.F
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\AutoUpdater.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:pEn:2
                                                                                                                                                                                                                                                                                                    MD5:34263D558D9E5A7EDC04F8D80C76649D
                                                                                                                                                                                                                                                                                                    SHA1:9CF0B311765445B7BB1C9B25767E615019305BFA
                                                                                                                                                                                                                                                                                                    SHA-256:DDA3B20D07CF936A8EBF80B771BF76A130AEDE7ABE77261D1FD254D4A3AE3450
                                                                                                                                                                                                                                                                                                    SHA-512:BD8A989E06F7A23105419AA7785A465484657E1C2BB6403CA0402B5A5251172F7074A86AE57CB4800A90FBC1EC69E31D1DBCE9103535CDFC3A61EB2AC2103F78
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:fa.1059o
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:4:4
                                                                                                                                                                                                                                                                                                    MD5:552DACB15F2019C8F3F74C55BEFA242C
                                                                                                                                                                                                                                                                                                    SHA1:9762053D4DEFB8BE822CB0957983A6B8796976D6
                                                                                                                                                                                                                                                                                                    SHA-256:32C4858E22CC2C967B42150FA550562A2C839C2CEBCAAB91CABDF6F4DA020022
                                                                                                                                                                                                                                                                                                    SHA-512:A80F7CC2606EF6E5474E96B1E520C17ECF432F0DA9A566BD157044130CFB548F10D929FFB5783008DF78B6D07D07D109BFFBAD1998CB8309ECCEC7E4D3FC813A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:#.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\AutoUpdater.exe
                                                                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):42
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                                    MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                                    SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                                    SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                                    SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                    Size (bytes):228476
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.996810487627207
                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:0yDwLNnLgVQGBLR28w0/key9HH7/ZnseEtc5w+4utELtS02IF+4H0fNmeA28DQ:0yoNLTgNVbkeyB9wn6ELthvDimeAbs
                                                                                                                                                                                                                                                                                                    MD5:09D778FDF126E2036B2F1E4390F79E1A
                                                                                                                                                                                                                                                                                                    SHA1:8A58EF62EF9E558E64010A5FB490ED59EAC441F8
                                                                                                                                                                                                                                                                                                    SHA-256:85B40168223818251314F4A33B450C6FAC8A06A8CAE98AD2E3A4B6979D7612CC
                                                                                                                                                                                                                                                                                                    SHA-512:DBE6CE882C0276079424C435EE45EAAD883C1BEEC75AFED2A5935DD91B0F2B2F5BF540700673DC7749DB4B33A9655289CF14C9BB779F282A439E7102B637B345
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):7
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.8073549220576046
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:Ngn:Ng
                                                                                                                                                                                                                                                                                                    MD5:C21F969B5F03D33D43E04F8F136E7682
                                                                                                                                                                                                                                                                                                    SHA1:7505D64A54E061B7ACD54CCD58B49DC43500B635
                                                                                                                                                                                                                                                                                                    SHA-256:37A8EEC1CE19687D132FE29051DCA629D164E2C4958BA141D5F4133A33F0688F
                                                                                                                                                                                                                                                                                                    SHA-512:1625CDB75D25D9F699FD2779F44095B6E320767F606F095EB7EDAB5581E9E3441ADBB0D628832F7DC4574A77A382973CE22911B7E4DF2A9D2C693826BBD125BC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:default
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):128512
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.314247648926824
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:5fJWHeKl+Ck+8cUh2DnmYiyogqqIBGXmon/S2GH:5fJWtpl8JhknoFsSJH
                                                                                                                                                                                                                                                                                                    MD5:FD536F0A2A489E7135A0BC0B11870082
                                                                                                                                                                                                                                                                                                    SHA1:8F5D8A20F27B7E8509E9F3E4B270E73E41829CBC
                                                                                                                                                                                                                                                                                                    SHA-256:349F0844080C71DD430AE8362A1D7C248034F4CF2D06EE2925C549C702D71B73
                                                                                                                                                                                                                                                                                                    SHA-512:70F3610893B1900B486F4477D462B52936F4C6E74ECD3EAD6D5D1AEDE716D75A295D15E46342EB530D538415C325572E35B335B4EC0F500FDC0C6E4492B3CFC2
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                                                                                                    MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                                                                                                    SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                                                                                                    SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                                                                                                    SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                                                                                                                    • Filename: qZSULDXKfu.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: JTT_4240101203000.xls, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: bookinginfor^%$#@.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: rSPAREPARTSLISTS.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: SecuriteInfo.com.NSIS.Injector.0195.tr.9123.24053.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: SecuriteInfo.com.NSIS.Injector.0195.tr.1375.28345.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: PO-001.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: DHL_AWB_50_No3354087_pdf.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: vDX1sR2a7h.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    • Filename: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):997
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.188896534234179
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:2E5KZbHOjOruFw6MLxENScRVar7FC53tK1Oqd3Aa0n:tAlHOjOX60ENvRVZKbEn
                                                                                                                                                                                                                                                                                                    MD5:1636218C14C357455B5C872982E2A047
                                                                                                                                                                                                                                                                                                    SHA1:21FBD1308AF7AD25352667583A8DC340B0847DBC
                                                                                                                                                                                                                                                                                                    SHA-256:9B8B6285BF65F086E08701EEE04E57F2586E973A49C5A38660C9C6502A807045
                                                                                                                                                                                                                                                                                                    SHA-512:837FA6BCBE69A3728F5CB4C25C35C1D13E84B11232FC5279A91F21341892AD0E36003D86962C8AB1A056D3BEEB2652C754D51D6EC7EEE0E0EBFE19CD93FB5CB0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):39424
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.684597989866362
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:njt65uI9oYzcCaHjl9Cb4I1f0AGhrHXoREnRxtIpH/u0abJ2v2DW9O9tk8ZwkpwD:noHtNQoRSIwTJB6Q/kPyBp6
                                                                                                                                                                                                                                                                                                    MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                                                                                                                                    SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                                                                                                                                    SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                                                                                                                                    SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):26494
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.9568109962493656
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                                                                                                                                                                                                    MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                                                                                                                                                    SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                                                                                                                                                    SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                                                                                                                                                    SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):9728
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.158136237602734
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc
                                                                                                                                                                                                                                                                                                    MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                                                                                                                                                                                                    SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                                                                                                                                                                                                    SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                                                                                                                                                                                                    SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 37778931862957161709568.000000
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):298466520
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.901553605709744
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3145728:mE8FVcl7iLKrcyeUC4NnHhfPflpRy0mVw2pDVxQ:mEU8ZLJHBRDuk
                                                                                                                                                                                                                                                                                                    MD5:61DF62C6F9A1719D3EA317887B00BD36
                                                                                                                                                                                                                                                                                                    SHA1:3250D6B86654D167F6EC96EF064E3CCC119E6F00
                                                                                                                                                                                                                                                                                                    SHA-256:190C8D3DC5969F70113BAB89466B9E96FC6C84CAF07F1220FFD8F62C72A17999
                                                                                                                                                                                                                                                                                                    SHA-512:AEDA53A097E3E23227D548A60B97653BB6BCCE771ECC7B046FD799693CE0B27352A4D826A077EDFEB4B50342F5DA3394840FF1B45B72576FE165F38806099525
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):42
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                                    MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                                    SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                                    SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                                    SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.7177007074462067
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:rl3lKFQCb77AE5KZbHOjOruFw6MLxENScRVar7FC53tK1Oqd3Aa0:rqAlHOjOX60ENvRVZKbE
                                                                                                                                                                                                                                                                                                    MD5:C5FFA10E36333DA64182FE6815E499EF
                                                                                                                                                                                                                                                                                                    SHA1:ADE31CD568D51301475640611FAE716FC728525E
                                                                                                                                                                                                                                                                                                    SHA-256:1AA9FF898523D39BC44AE408A2AB0C4E088EBD4281AA15E4317B6BCD9CD9E251
                                                                                                                                                                                                                                                                                                    SHA-512:B2A01771267AC76A59B85F7C53F9A3052F8A059013C0750BB23AD7CC79706501480A3907C8BCD85A604F2C2947EADA9C69986A80FFB0650DD0F5E98B2F5EF6D1
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3301
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.705099972884849
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:An6Tf1rX+Dotoa/KtBl0ffM6rjYrQuD8la:AntDUmlJ6rjYrnQ8
                                                                                                                                                                                                                                                                                                    MD5:73911907CBF2F90E674DB10276B6B03C
                                                                                                                                                                                                                                                                                                    SHA1:C45FE3A4813E57C3BE85BF67712A0CFDF4F9F255
                                                                                                                                                                                                                                                                                                    SHA-256:8154320C75F76422101373170566BC0A6FB0C2F0E2F71BA99D12DEAF4B0A3E20
                                                                                                                                                                                                                                                                                                    SHA-512:A098E6DEDE6DCBC41BF4ABEF685921CE459F473D928EA869A5F2608F2AFD2A59B8A926BFED3375DC334D3231011B6439DCDC93C031A5426EC170EB0FA38946D9
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"browser":{"shortcut_migration_version":"110.0.5481.97"},"hardware_acceleration_mode_previous":true,"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.705436220398581e+12,"network":1.705436221095e+12,"ticks":5737195638.0,"uncertainty":10226064.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABzpC0iCrWYRaxM8ibHmOzsAAAAAAIAAAAAABBmAAAAAQAAIAAAADrsB6tNK+PDq7SOSwC4tj/4ONDQZ8UZtTiQo1aZsXl6AAAAAA6AAAAAAgAAIAAAAABQ/XBEtvcMwPOu28WajMT1fOdWMGiq9jDR0uTm5h5sMAAAAN7J1Tu8xhJK3Sd2Myqj1eiSis95Hme4cyTJbo5KcnfaKH/qE9Zy48lD5Qnes6ohg0AAAACC/YigKqSDpClRl++aHFe5GzfqL8cU3bKpf1kH5DHaaHtCFWDu/8WsTYziMr7lxHRJd9K9h9DGpiIUV2gsdcG9"},"policy":{"last_statistics_update":"13349909807992971"},"privacy_budget":{"block_offset":9,"generation":8},"profile":{"info_cache":{"Default":{"active_time":1705436242.605306,"avatar_icon
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):93300
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.772103664086291
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:ranCo9ltjPtWNQyZQEKQDGhUUGZBcM6Cp8e81MIM5lw+FOruf1f1q02N1zpxXib6:Y43eJZ4SKOqzMwK5CHZQ
                                                                                                                                                                                                                                                                                                    MD5:704550EECB243DBE7E96B4BDB9CEA66F
                                                                                                                                                                                                                                                                                                    SHA1:4C29F66130AE74C3CE505B9E41849F0C0A574D0E
                                                                                                                                                                                                                                                                                                    SHA-256:EA2320D60A5EA2BB4416B5B506199D41DE91E411209EC935AA8DF14543856936
                                                                                                                                                                                                                                                                                                    SHA-512:555BCC050B719680E70D3AD664C444325551091473714EF1042B58D4C6EBD7F58E68855DE969A2F0225CA577BFB066455F93BDCF919883BB9880D78B0CA6BEFD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:pl..............m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.V.F.S.\.P.r.o.g.r.a.m.F.i.l.e.s.C.o.m.m.o.n.X.6.4.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.f.f.i.c.e.1.6.\.m.s.o.s.h.e.x.t...d.l.l.... ...#.ea...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.r.o.o.t.\.v.f.s.\.p.r.o.g.r.a.m.f.i.l.e.s.c.o.m.m.o.n.x.6.4.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...1.6.8.2.7...2.0.1.3.0.........C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.C.a.t.R.o.o.t.\.{.F.7.5.0.E.6.C.3.-.3.8.E.E.-.1.1.D.1.-.8.5.E.5.-.0.0.C.0.4.F.C.2.9.5.E.E.}.\.M.i.c.r.o.s.o.f.t.-.O.f.f.i.c.e.-.C.l.i.c.k.T.o.R.u.n.-.3.9.D.4.F.9.E.5.-.6.9.5.B.-.4.6.C.1.-.A.2.6.C.-.5.C.A.5.5.C.2.3.3.7.6.D.-.s.t.r.e.a.m...x.8.6...x.-.n.o.n.e...d.a.t...c.a.t.......M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:PGP symmetric key encrypted data - Plaintext or unencrypted data salted -
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):96912
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.771206531408509
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:PanUo9ltjPtWNQyZQEKQDGhUUGZBcME/TCp8e81MIM5lw+FOruf1fhvq02N1zpxT:O43QxZ4SKOqzMwK5CHZI
                                                                                                                                                                                                                                                                                                    MD5:7A636C21CB0C000BD086C76D9DAEF5EB
                                                                                                                                                                                                                                                                                                    SHA1:F2DA0ED193444BBE0B8516C5418CDBB4E68FB2D5
                                                                                                                                                                                                                                                                                                    SHA-256:A15841688FAA92DC2F0713FEFD29BD2CE1AC27E079FFF339C56350C54BB97C55
                                                                                                                                                                                                                                                                                                    SHA-512:FF01892555FBF780AFB2C5501B8D56CC3D993E6218B9D09B28A7F09287F69F1E7D4A21A98EC3F586D693366CC712B59C4AE974788E7CDE79EF148A5AE29D868A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.z..............m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.V.F.S.\.P.r.o.g.r.a.m.F.i.l.e.s.C.o.m.m.o.n.X.6.4.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.f.f.i.c.e.1.6.\.m.s.o.s.h.e.x.t...d.l.l.... ...#.ea...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.r.o.o.t.\.v.f.s.\.p.r.o.g.r.a.m.f.i.l.e.s.c.o.m.m.o.n.x.6.4.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...1.6.8.2.7...2.0.1.3.0.........C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.C.a.t.R.o.o.t.\.{.F.7.5.0.E.6.C.3.-.3.8.E.E.-.1.1.D.1.-.8.5.E.5.-.0.0.C.0.4.F.C.2.9.5.E.E.}.\.M.i.c.r.o.s.o.f.t.-.O.f.f.i.c.e.-.C.l.i.c.k.T.o.R.u.n.-.3.9.D.4.F.9.E.5.-.6.9.5.B.-.4.6.C.1.-.A.2.6.C.-.5.C.A.5.5.C.2.3.3.7.6.D.-.s.t.r.e.a.m...x.8.6...x.-.n.o.n.e...d.a.t...c.a.t.......M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:COM executable for DOS
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):101052
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.771104862875981
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:JanUo9ltjPtWNQyZQEKQDGhUUGZBcME/TCp8e81MIM5lw+FOruf1fhvq02N1zpxO:E43QxZ4SKJwzMTK5CDZr
                                                                                                                                                                                                                                                                                                    MD5:585AC369965A278403819884F8B342AF
                                                                                                                                                                                                                                                                                                    SHA1:BB39A3A7793C3F3EDF01A359CD06AB46ED8E1EF8
                                                                                                                                                                                                                                                                                                    SHA-256:1EAC058078AA900D4A4020E96EE66644BC13142DC47BF76CA473B0A152010B41
                                                                                                                                                                                                                                                                                                    SHA-512:28862636FAEE39A86A809829869484E10471C426D256A0325EE117DD9282ED4B1F65D4746F2199501808D1D91075FE2E68D6DEB0F626C6987FCC81CB8860D459
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:................m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.V.F.S.\.P.r.o.g.r.a.m.F.i.l.e.s.C.o.m.m.o.n.X.6.4.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.f.f.i.c.e.1.6.\.m.s.o.s.h.e.x.t...d.l.l.... ...#.ea...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.r.o.o.t.\.v.f.s.\.p.r.o.g.r.a.m.f.i.l.e.s.c.o.m.m.o.n.x.6.4.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...1.6.8.2.7...2.0.1.3.0.........C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.C.a.t.R.o.o.t.\.{.F.7.5.0.E.6.C.3.-.3.8.E.E.-.1.1.D.1.-.8.5.E.5.-.0.0.C.0.4.F.C.2.9.5.E.E.}.\.M.i.c.r.o.s.o.f.t.-.O.f.f.i.c.e.-.C.l.i.c.k.T.o.R.u.n.-.3.9.D.4.F.9.E.5.-.6.9.5.B.-.4.6.C.1.-.A.2.6.C.-.5.C.A.5.5.C.2.3.3.7.6.D.-.s.t.r.e.a.m...x.8.6...x.-.n.o.n.e...d.a.t...c.a.t.......M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                                    MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                                    SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                                    SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                                    SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3::
                                                                                                                                                                                                                                                                                                    MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                                    SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                                    SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                                    SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.33555664879758595
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:5fFjjzIm64dhaZEjCkWk4GvZERih949AKv+EzE:5fFjIXIhaejXWWvNAE
                                                                                                                                                                                                                                                                                                    MD5:94F5D654CB1C68DCF26D6A10EA0BD5CD
                                                                                                                                                                                                                                                                                                    SHA1:68E133E1998FDE6E4127737EBB9B2B43DF0B0748
                                                                                                                                                                                                                                                                                                    SHA-256:3DC7E71C5C63738AABBA599F2DF3F0892103213FAF2EEB9E617A81B8D9AA61B7
                                                                                                                                                                                                                                                                                                    SHA-512:574EB6FCE3A5D299D3ED630193703C0A2912FBF90691A7D0402F338D3B7CBDDE27A5DA020E5D1E63B8DAAD13E94F6A6B21694F207EF85248E98EA90BE8FBAF56
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@................Z..8Y..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....*.........110.0.5481.97-64-devel......".en-GB*...Windows NT..10.0.190452l..x86_64..?........".gbchjd20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J..>f.%...J?J..!(>...l#.J.."~B....J?J..voG....J?J..{......G=J....We.Z.{7J...?.?.V.Q.J..R..6...J?J..m#:^...YJ..;.....J?J....9~...J?J....IS...J?J.....L...J?J..mH.....J?J.....O.R...J..jC6_.^...J..........J..:.Y....J?J...!.....J?J..&F.....J?J....W....J?P.j....... .8.@..............(.................$6c5faece-50e5-4eb3-a437-c465a803f2dd...... .J?.g.z...6.'D.I.V.bHA.7L..].cj1...4..0... ...MediaFoundationD3D11VideoCapture....Enabled..4..0... ...ReduceUserAgentMinorVersionStudy....Enabled..0..,.......ReduceUserAg
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1048576
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0058175202510221975
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:bHikaXhVMMBKEKSCemJKlkQITagigpCbUlQpYJ0X:bWROMMBS+Mkv/igp1lYYW
                                                                                                                                                                                                                                                                                                    MD5:9543068B6751E1F3E11F91D72EE78D95
                                                                                                                                                                                                                                                                                                    SHA1:B1008DFD703AAFA529C36C9E68AEBFA6237105F8
                                                                                                                                                                                                                                                                                                    SHA-256:D060AD21AE6E04CB58668CAA52ADFCA573E018102CC07554D2ED3EAE11AB7785
                                                                                                                                                                                                                                                                                                    SHA-512:F3D524DD5B7BF9E36BFF023915F448521C4FBA37EB884B4F2405AA61A5BAF69FDB394E37C00DBD29DFBBA20E1829479AA307D96CD46E1E1B5C255DC709FDBA09
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:...@....................@...................................`... ...i.y.........CrashpadMetrics.....i.y..Yd.X.......A.......e............,........5l.*...................5l.*.................UMA.PersistentAllocator.CrashpadMetrics.UsedPct.h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A...........................?....{.................@....{.................UMA.PersistentAllocator.CrashpadMetrics.Errors......i.y..Yd.0.......A...............p..._..-.....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".............................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.39546184423832
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:FkWXlssKba:9sh+
                                                                                                                                                                                                                                                                                                    MD5:F52352CCF07B557E1D40AF08A3323459
                                                                                                                                                                                                                                                                                                    SHA1:7776A8685367EC8A7E4829D5198D45E50845B8E0
                                                                                                                                                                                                                                                                                                    SHA-256:AFA64B1CB34DE0D91C12C49E9C1443DBE8C6D7FDF712DC7EF4491B67619781FD
                                                                                                                                                                                                                                                                                                    SHA-512:5BBDE820679358EDCAD778002BA60F1C8AFACA575624BCCAB2B8F79513B20AB672526C168DBB1008B467D35832FE963B4124E0D1CC250AC26E41FAE8345B92BF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:sdPC....................xh.W...A..^>...?
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):151668
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                                                                                    MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                                                                                    SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                                                                                    SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                                                                                    SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3570
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.007876422450202
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:rq0tOlfRxWJJdaiZRy7Dx+6MSmueg+O2Mzn:r5OP0Jzasyh+Fw5Pzn
                                                                                                                                                                                                                                                                                                    MD5:319F820D3951D2C33226601B594C30D4
                                                                                                                                                                                                                                                                                                    SHA1:FF2F1DE3AAD581842C4E1E016F0AD401B2384D8C
                                                                                                                                                                                                                                                                                                    SHA-256:3C321B5CC84796A5C5840AFF1E036555FBE161D55775E54421B9FE6B1A5A8CFD
                                                                                                                                                                                                                                                                                                    SHA-512:1B3BA59F9355A4D66F93974D4A83E92F89404A349ADB2C6CD2210D5460A33F318E0BD1270BDE7749E248EA4D43794E2E9328667EF7BB0767B96CD7F4E230F77C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13349909808622772","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13349909808106586","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":110},"browser":{"has_seen_welcome_page":false},"commerce_daily_metrics_last_update_time":"13349909808612177","countryid_at_install":17224,"dips_timer_last_update":"13349909816176743","domain_diversity":{"last_reporting_timestamp":"13349909808617934"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"110.0.5481.97"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"c6febb58-61b7-412a-abc2-db65ddb7c33f"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"media":{"device_id_salt":"DD78EF6DE3C413C010F47D72DA62AAFA","engagement":{"schema_version":5}},"media_router":{
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3990
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.022900083190324
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:rq0l1OlfRxWJVaiZRy7Dx+6MSmueg+O2MJ:rnOP0JVasyh+Fw5PJ
                                                                                                                                                                                                                                                                                                    MD5:FDA9057D0845B9D3AA0C34B3C137B831
                                                                                                                                                                                                                                                                                                    SHA1:D8472353891EB2AECF794C8A803C2B6B2AC043E3
                                                                                                                                                                                                                                                                                                    SHA-256:E5BF9F5A22B37B5A9A5AA64C8DAD5A719E6204E6EE46B36F48C32DF0AD326F7C
                                                                                                                                                                                                                                                                                                    SHA-512:86D2BB38A5F6D0C3F626E7C5C67D999EF4E830F76C23E2EFD704EBFF71F94ED8B74BC2D5B0FAAAB07A0B4742D87417DC6F07AB713E55033F6B84FC9EB755F44A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13349909808622772","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13349909808106586","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":110},"browser":{"has_seen_welcome_page":false,"window_placement_popup":{"bottom":692,"fullscreen":false,"left":340,"maximized":false,"right":940,"top":292,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"commerce_daily_metrics_last_update_time":"13349909808612177","countryid_at_install":17224,"dips_timer_last_update":"13349909816176743","domain_diversity":{"last_reporting_timestamp":"13349909808617934"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"110.0.5481.97"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"c6febb58-61b7-412a-abc2-db65ddb7c33f"}},"inv
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4116
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.028377200063483
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:rq08OlfRxWJ9SaiZRy7Dx+6MSmueHO2MJ:rIOP0Jcasyh+F+PJ
                                                                                                                                                                                                                                                                                                    MD5:F5ED5DEE2C804BC200CEA445650D484B
                                                                                                                                                                                                                                                                                                    SHA1:955EE677597ECAE5FA3F6A3CBCDB28E4A1EB510F
                                                                                                                                                                                                                                                                                                    SHA-256:B0C9EB8BC6422D7A57237C5629FDE308C4FD1A00A10B0099EA60FCB8067671C2
                                                                                                                                                                                                                                                                                                    SHA-512:42FEC726CA067AD8DF0BBF8535D0DE8074440300F81CFF2EAFA1BAB581A92F45FF233403B058C51A07345D3080C92FA0E7D56074933566088BE49F653F3D0765
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13349909808622772","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13349909808106586","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":110},"browser":{"has_seen_welcome_page":false,"window_placement_popup":{"bottom":42,"fullscreen":false,"left":0,"maximized":false,"right":1280,"top":0,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"commerce_daily_metrics_last_update_time":"13349909808612177","countryid_at_install":17224,"dips_timer_last_update":"13349909816176743","domain_diversity":{"last_reporting_timestamp":"13349909808617934"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"110.0.5481.97"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"c6febb58-61b7-412a-abc2-db65ddb7c33f"}},"invalid
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):438
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.061695503320746
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:1HJV+ygdRN6UVY/YW1+F6sKOOaxVRpCXx5P/FojN64wFvn:1H/+dc1BxOOaxVRpCXfNovwV
                                                                                                                                                                                                                                                                                                    MD5:9CBA2F00E4A174FD6FF92E12234D01C3
                                                                                                                                                                                                                                                                                                    SHA1:AA5E966AA01541EFF7C64801A0CDC9B21F999C84
                                                                                                                                                                                                                                                                                                    SHA-256:BFE196FFD4A6C924CBC58846967BF747ECBDE7F07BA4D21B1F3AA5D7921322DE
                                                                                                                                                                                                                                                                                                    SHA-512:BA19BEB75EF65C20C7DAE5B5E633DA245A35C4AB48235A0F579A7D4761DB81172451A16EF9B3AF36D9B40964AAFB3E4A218AF60EF8338EC4B002A9CDFD0C0DDF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{.. "config_version": 1,.. "epochs": [ {.. "calculation_time": "13349909819291600",.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_size": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "77A5D92408BA1717C0E4F0A2D42B5EF1F81D19D1F4BC8D8D59A1C5A7A6BD691E",.. "next_scheduled_calculation_time": "13350514619291682"..}..
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):151668
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                                                                                    MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                                                                                    SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                                                                                    SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                                                                                    SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4295
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.035228597475582
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:rq0VOlfRxWJ9SaiZRy7Dx+6MSmueesw9O2MJ:rhOP0Jcasyh+Fu0PJ
                                                                                                                                                                                                                                                                                                    MD5:99F8B288FC70D449FF7C469888A87AD4
                                                                                                                                                                                                                                                                                                    SHA1:4D5B4C074AA4842FFAA7DE0F5C1DC81013B61271
                                                                                                                                                                                                                                                                                                    SHA-256:025B1C16778F346CB844D15B90A579BE2ED26CCD91019B0B4E2C76B67498A55F
                                                                                                                                                                                                                                                                                                    SHA-512:F6E045A33C48FCFC6637FA0933A0F7C9B84C376E4F2A685C1066D69674E913D2089F7E6173528540A183D7951A8586F6818C038D90914C57D3B0767A17013BE8
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13349909808622772","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13349909808106586","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":110},"browser":{"has_seen_welcome_page":false,"window_placement_popup":{"bottom":984,"fullscreen":false,"left":648,"maximized":false,"right":1148,"top":344,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"commerce_daily_metrics_last_update_time":"13349909808612177","countryid_at_install":17224,"dips_timer_last_update":"13349909816176743","domain_diversity":{"last_reporting_timestamp":"13349909808617934"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"110.0.5481.97"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"c6febb58-61b7-412a-abc2-db65ddb7c33f"}},"in
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4193
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.0332384291579055
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:rq0VOlfRxWJ9SaiZRy7Dx+6MSmueSw9O2MJ:rhOP0Jcasyh+FaPJ
                                                                                                                                                                                                                                                                                                    MD5:4B15173DF9932A39A1B7895587D72C7E
                                                                                                                                                                                                                                                                                                    SHA1:8376ECB0B0B950EF70DE35B8301A5978A6495570
                                                                                                                                                                                                                                                                                                    SHA-256:775A37AB538D43F2B7A8A9C1F07655A7B64A636343FE0D4E3E7884D3A8D25FA1
                                                                                                                                                                                                                                                                                                    SHA-512:A5ACD24BC52E46FC5395700E05E6F084F06F3579F151DB5F314E50762781525D76BD7F1A19CAB02F4D2A7176D37AF9C05601921006B263183A4341A246247D41
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13349909808622772","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13349909808106586","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":110},"browser":{"has_seen_welcome_page":false,"window_placement_popup":{"bottom":984,"fullscreen":false,"left":648,"maximized":false,"right":1148,"top":344,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"commerce_daily_metrics_last_update_time":"13349909808612177","countryid_at_install":17224,"dips_timer_last_update":"13349909816176743","domain_diversity":{"last_reporting_timestamp":"13349909808617934"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"110.0.5481.97"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"c6febb58-61b7-412a-abc2-db65ddb7c33f"}},"in
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 9, cookie 0x5, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.42021731113191285
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:TL4XUS0GNvN2HLvKroyr0n4BmhltoVOq6UwccK5fBGQw:TUXUS6LS0aVOlU1cCB
                                                                                                                                                                                                                                                                                                    MD5:1D90D8ECB26FD0FD88C42A22827269D4
                                                                                                                                                                                                                                                                                                    SHA1:D0DF9BF0E2259D8101FE84A1020B76BE559BFC75
                                                                                                                                                                                                                                                                                                    SHA-256:971176B58710991AE8C338A3D0EF19A95619C63D4DC1A018767A71970AD23B2C
                                                                                                                                                                                                                                                                                                    SHA-512:5E70BB58F92D604E6A989D5B2B63E04E0277C670D115695420201368ABAC358670F63379739BC94FDA2ABE5EF0EA4AD686EBA17FB0AFEAED5A7DD5228D29DEDD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):24576
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.40298635078977063
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:TLi3lMQXUUfzBW8ybwaW2b8wAs76uvsUkHZ6HFxOUwa5qgufTsZ75fOS:TLi2QXBzlRr6hkc6UwccI5fB
                                                                                                                                                                                                                                                                                                    MD5:CE4A1F9CBC0422F32F99FA89950E7760
                                                                                                                                                                                                                                                                                                    SHA1:C0FC376667F5DDF5C1D2DB66F3E2147E438BCBA8
                                                                                                                                                                                                                                                                                                    SHA-256:008223FD39DE4B0EA6BE5E340185C78BD0E842DF80170B7F7DF0143775637ED9
                                                                                                                                                                                                                                                                                                    SHA-512:5E6FF8AB6426B7D4DC6C32DF862B89DCF1E2A29D63CC47E260CA27800D7AB5129B1950684870FE6F23C77CF6838AB5B981C5BD08C2947F5E723BDA1585012A36
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):438
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.061695503320746
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:1HJV+ygdRN6UVY/YW1+F6sKOOaxVRpCXx5P/FojN64wFvn:1H/+dc1BxOOaxVRpCXfNovwV
                                                                                                                                                                                                                                                                                                    MD5:9CBA2F00E4A174FD6FF92E12234D01C3
                                                                                                                                                                                                                                                                                                    SHA1:AA5E966AA01541EFF7C64801A0CDC9B21F999C84
                                                                                                                                                                                                                                                                                                    SHA-256:BFE196FFD4A6C924CBC58846967BF747ECBDE7F07BA4D21B1F3AA5D7921322DE
                                                                                                                                                                                                                                                                                                    SHA-512:BA19BEB75EF65C20C7DAE5B5E633DA245A35C4AB48235A0F579A7D4761DB81172451A16EF9B3AF36D9B40964AAFB3E4A218AF60EF8338EC4B002A9CDFD0C0DDF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{.. "config_version": 1,.. "epochs": [ {.. "calculation_time": "13349909819291600",.. "model_version": "0",.. "padded_top_topics_start_index": 0,.. "taxonomy_size": 0,.. "taxonomy_version": 0,.. "top_topics_and_observing_domains": [ ].. } ],.. "hex_encoded_hmac_key": "77A5D92408BA1717C0E4F0A2D42B5EF1F81D19D1F4BC8D8D59A1C5A7A6BD691E",.. "next_scheduled_calculation_time": "13350514619291682"..}..
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0912630204895708
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:d4PU79OJ9tiyTF4OwUGa9X6/n19MzmO8:d4PU7eBFFlagm
                                                                                                                                                                                                                                                                                                    MD5:8BD5F6180BA29C7AEDF6D93FB92337D4
                                                                                                                                                                                                                                                                                                    SHA1:7E8DC31AD30C959A16DDEAA301249C98D8C140B2
                                                                                                                                                                                                                                                                                                    SHA-256:E5C541B704A20484FBEED3BC5101F7447D04862DD38D5889381C23015127D205
                                                                                                                                                                                                                                                                                                    SHA-512:90FD3DCB790DB1BF7FFF35C7242616492792DB6AA0DDF609B8ED293F58B1915453C58B445AD0F0CF496890CFF56E9E84ED1D667957F65DF42AC5F7082F2D8B1D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.13789174150532454
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:48:e9jy4OEah2luRVc+opOEah2lm9kN0oUBAPIR79Rwsdufew:e924OEah28Vc+opOEah2rNABAPUwsYe
                                                                                                                                                                                                                                                                                                    MD5:6855D2B3FE4A62A96924D60F14C12840
                                                                                                                                                                                                                                                                                                    SHA1:4B6784491BAE3F034E6B960D45E2E58DB08BA396
                                                                                                                                                                                                                                                                                                    SHA-256:91FB8801269C71C67FA52095959D2BE624B7826F71DF6DA08B244E678C174A42
                                                                                                                                                                                                                                                                                                    SHA-512:A526F863128EEBD5DE9114BA240F563A322B1DAB07C2F8261143FC8152521A756FCDE4A22E34B4C34502C2099396C0F4F47CA812EB59BA8F2EB0315FD5702EF5
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1056768
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.5176708878988848
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:768:WhJtZhJthhJtDhJtLhJtKVhJtrtJtvtJtThJtmHhJt:y
                                                                                                                                                                                                                                                                                                    MD5:5F63ABC9B0682C42E99A3F08DC8F51F2
                                                                                                                                                                                                                                                                                                    SHA1:D1726991563B5052F96D72EB8B6E76E3EB3383BA
                                                                                                                                                                                                                                                                                                    SHA-256:ADFA146130081AB1B7B7972D5FEA0BA14774F5C4453B4B3C64A753437E086007
                                                                                                                                                                                                                                                                                                    SHA-512:66C1EE300C18FB737D9884C88FD33AD3002248B4324F4174E056F846E365AB73FF866C077DE909203F953841B85831F428904B591B352F91D7230841058B7399
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4202496
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.23470715118086344
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:1536:/MyuuR0EAI+/zUll+zzPbhM8AtUbAMn4+K:/MyutELyNnTyDwa+
                                                                                                                                                                                                                                                                                                    MD5:911BD91896F0B1FE36B35CF445AA7F02
                                                                                                                                                                                                                                                                                                    SHA1:78D5A9A2880592343DE5CBF705000623C9F85B3F
                                                                                                                                                                                                                                                                                                    SHA-256:EA34CCAABD9BDC26EA7504FA5A55682009C9A78615BE91F2682C1524DC32E34E
                                                                                                                                                                                                                                                                                                    SHA-512:7B828BD3C13DA040D6FF6E1C2537E216C3F631A4B18FAAA30816891710BA7445112352B1B3FE846294DE89AB2323A800A44A8D7433FB0D9D2E01F88BCBA67160
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16923
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.976925142656368
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:1ILHTBFrvQHUBXnyeHrx0mJ2BPhWE9ZF3QemHIs:qLHddvQ0BCeGvPhZmHb
                                                                                                                                                                                                                                                                                                    MD5:6BA0668082147B61B021BC994D8D87C5
                                                                                                                                                                                                                                                                                                    SHA1:8B41BD32AD19AFA61D2A011D14B2269929E9D27A
                                                                                                                                                                                                                                                                                                    SHA-256:9C4F534BFE85510E704F5257EAE3777D9B438E42F69AB4956542AA6DC9D91B98
                                                                                                                                                                                                                                                                                                    SHA-512:CAE211C8F222C21BCFE5DFC4E6D17A82AC44E2120E64509DCFCFF705B2F49EBB5C34D9CF0A30190BD1BAE5A020B62326AF4E5530F3B3F6C8D5E38C597ABFC911
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):41112
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.991388637311499
                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                    SSDEEP:768:Y/qpi61Cs0PrYS6NmrFbImSk1Ky7GCEjwmCe0QriPHrEWQ:Yl6Is0zYS6NmlIy1N9+8rEWQ
                                                                                                                                                                                                                                                                                                    MD5:9A7637D76B8A9DC3D2720BB3E824B425
                                                                                                                                                                                                                                                                                                    SHA1:872EFBFA32E5ADEBAB4DB2C3185385084C3CBEDE
                                                                                                                                                                                                                                                                                                    SHA-256:0E7A372A1293111888A3486C926D44A5F21ED45AC3BEFBC265BCA116B9E5DA48
                                                                                                                                                                                                                                                                                                    SHA-512:6C663F780B658330CB94126F4BFB09115BE25D817147DCB4D34B9BC26E73B48B4A92BADD04A22C9E0C91299D5F72D376824CF66A1F380E458AC797F215CC255E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):38797
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.988399270822933
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:768:pqTPm3QZRtyEb7bihyreQRDsOEUOeWYhp28wq2MNq7rO9HuKQ/FRkvqumLrx:CPQaHT65U5LLl2MNwiHuKQNRkyumHx
                                                                                                                                                                                                                                                                                                    MD5:A415145CBFD63E8774C5DAF735FF5941
                                                                                                                                                                                                                                                                                                    SHA1:DC608F7FB16705219123F252F4AD706828C9716A
                                                                                                                                                                                                                                                                                                    SHA-256:6007C245A8B3EAB1BB3666CEFD40201D4B85A785C2082612E152EB69249081A1
                                                                                                                                                                                                                                                                                                    SHA-512:55547C6AAE2E9331176C2AEE96B500C9563E0975BFB78DA817987ADC856CB87646FD43DE60852B9B5996E2C46D01C240AED6E015DD63CCF55DD4CB29CA3E5B87
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):36503
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.991248708322576
                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                    SSDEEP:768:sqiBhiLAZn7VntON1m8tQIrDjzNmRxlyh2eRWsdAFFBl:B0ESdk282I32yf+H
                                                                                                                                                                                                                                                                                                    MD5:FF6C3C0E5A054DC275374A5068EA1B44
                                                                                                                                                                                                                                                                                                    SHA1:7E772112F0BE1AF110972EF254492CE3BA4F4450
                                                                                                                                                                                                                                                                                                    SHA-256:941EA05CA33B934084723B16AAB4AE6D53E5A90ADB7C57334BC458C1CE4E3233
                                                                                                                                                                                                                                                                                                    SHA-512:C0E574A67664905851A77A45F9FE5390671EEDDBBD1B329FEB909907AEB7CAD3869225618BBA026513CC953C9B68AF59376151F84518611A135C980ADF6E6AF6
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):524656
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:LsuluPt:Lsxt
                                                                                                                                                                                                                                                                                                    MD5:AFD81F90F21B2E7DDB50A687AAAF96E0
                                                                                                                                                                                                                                                                                                    SHA1:FB617DF4AA01281A44F8C80F1EFA21913983CC49
                                                                                                                                                                                                                                                                                                    SHA-256:50C5F0A1D267105B8CE75F2E4CB257332517551661728F6B14B10086EB8EBE90
                                                                                                                                                                                                                                                                                                    SHA-512:E7095C7C965B35E5E4B01DA8011E9DB406112B00102843192EB5B99578ABD4CC598471E1DFF36D19C64B5694E3EE467E2564197E278474E5A31C15844C08C66A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):240
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.348143766456049
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6:mYPYquHR4BmWvSCZc9/ZctC9umMXlLxIB+ZYBll:NLmWqCSZqYfM80Z0l
                                                                                                                                                                                                                                                                                                    MD5:35BE3E133AD08120B3343F8A30F2C50A
                                                                                                                                                                                                                                                                                                    SHA1:DDF1D46BD7E7159127B01A3A61597A223997A9EF
                                                                                                                                                                                                                                                                                                    SHA-256:D8DD412606A1042AD257D76EB5406BC62FFC05680C6A6F3CB30D7429BF4A3C55
                                                                                                                                                                                                                                                                                                    SHA-512:9DAF0E3DA09238E591DF0BC721A2EBBAEE67DD2193EB80BAB0143F1B8405386148A81D12C23BC9901D5A9B63C192F2FD1CAE61DB3B22FADE55D9164973F0D679
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:0\r..m......l....Qp....._keyhttps://pcapp.store/src/main_code_nw.js . .chrome-extension://pcapp.store chrome-extension://pcapp.store.A..Eo..................-K...m/...............W.......E..$....e.ujES.......5...Re.A..Eo........i.........
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.7149960083567057
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:AbhNAyXl/ldldlRhuJI+dWGKl:Af3uJI+sGKl
                                                                                                                                                                                                                                                                                                    MD5:61A20D456681A61C3C02F6B9D834EB8A
                                                                                                                                                                                                                                                                                                    SHA1:DE7556CFFB173631307CFD22E6187243EF2DCC3D
                                                                                                                                                                                                                                                                                                    SHA-256:A3B290DC8077A5B14CEAAF79E3C4D30C5A42B966CAA5A0B93D27BAAD19617DBF
                                                                                                                                                                                                                                                                                                    SHA-512:595491E61B2BF23709B970548928C43B6C7E00CA1A87F6932361D599C290183B3AE887567D495562687B41DFE2766D1CC50C71AA7A5F700E98614596B99A5875
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:@.....%.oy retne..........................y...6z.x...m/.............m/.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:2ByQyEBZI+:2P9BZI+
                                                                                                                                                                                                                                                                                                    MD5:3B662987E72DB64F767414631BAE09B1
                                                                                                                                                                                                                                                                                                    SHA1:95054B9BC10A0AAB0DA87C20E49C8F112FDB8EF6
                                                                                                                                                                                                                                                                                                    SHA-256:0AB4F01E2279C818EF4230621919718FFBC351E3C3C34E69863E291E28357E2D
                                                                                                                                                                                                                                                                                                    SHA-512:77F5112CBE92D3EB53FE52B9B92580EA210482CC1D7DB21DEA72B837EDFC135568E0E84B436964CC0EFDB38120005CC15946D605C14570793B731590B7A8B949
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:(...kT..oy retne.............................m/.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:0\r..m..................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:2ByQyEBZI+:2P9BZI+
                                                                                                                                                                                                                                                                                                    MD5:3B662987E72DB64F767414631BAE09B1
                                                                                                                                                                                                                                                                                                    SHA1:95054B9BC10A0AAB0DA87C20E49C8F112FDB8EF6
                                                                                                                                                                                                                                                                                                    SHA-256:0AB4F01E2279C818EF4230621919718FFBC351E3C3C34E69863E291E28357E2D
                                                                                                                                                                                                                                                                                                    SHA-512:77F5112CBE92D3EB53FE52B9B92580EA210482CC1D7DB21DEA72B837EDFC135568E0E84B436964CC0EFDB38120005CC15946D605C14570793B731590B7A8B949
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:(...kT..oy retne.............................m/.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4401189324241401
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:TLiNMVTWuha8OlJHwbPbI0QE0Q0sKerQsKerUI5hPKZzdHFxOUwa5qgufTJpbZ7l:TLiqDYziciMZ96UwccNp15fBK6
                                                                                                                                                                                                                                                                                                    MD5:DC612C065A99E9CAF26AD9DC86851F9F
                                                                                                                                                                                                                                                                                                    SHA1:734047AA3664CBA21C8B2E21F34258F6F1C9DE6F
                                                                                                                                                                                                                                                                                                    SHA-256:06AC23C5C67C7D46A5E58BAFFAC4C7ED093EE60D53C5810195843E4218418C20
                                                                                                                                                                                                                                                                                                    SHA-512:176D8F16A5B72376082A996DABB4775EE9F67C2CB2AEE0521FF4BB5DBCD5D671D03B78B984361D5E13419085957EB673A41687C3C2D4D5A0BD76C2C7B488064E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................c..........g.....8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:LsNl+y//:Ls3+y//
                                                                                                                                                                                                                                                                                                    MD5:5828B41B91D04756825168CD6172D13E
                                                                                                                                                                                                                                                                                                    SHA1:54275DB68F1963F4382241CCD2D5F75E5530F163
                                                                                                                                                                                                                                                                                                    SHA-256:50AE546A562F622721F66C653AAD34B4650B66ECD36A41B2FEC99742663A4A5C
                                                                                                                                                                                                                                                                                                    SHA-512:F175C2D7888A2FD6808D5F750141446EBCA4FE51937ADC199B8865E04671FD7194CA69F578745DEAC3BC06AB8FE416D0102520F760D400C150896EA2A031CFF2
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.6610854045193225
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:TLyhF1kwNbXYFpFNYcw+6UwcQVXH5fBF5nL/:TehFawNLopFgU10XJBD/
                                                                                                                                                                                                                                                                                                    MD5:FBE2FD955A8B9FF4EC50B8EF2F904A98
                                                                                                                                                                                                                                                                                                    SHA1:7A8E9F0C421FBBC0C1C980AE4B5940632958304B
                                                                                                                                                                                                                                                                                                    SHA-256:281D2CBEDA7CE4DE61EEC510C67EFD40D081845C5957B1B03C5E721BBC6BFB46
                                                                                                                                                                                                                                                                                                    SHA-512:F923B6BBC6E2CAED9653A721EF66E229692007E9780B138CE9397309F4C58A436E01DB148A856A220259F66892A22A17770B076AF439AB39FFE12EB8AB1BEE15
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):384
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.858459729108908
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6:YBXt4NGD/1BwqEshTG4yI4YniYhTG4yI41p32AGD/1BwqEshXeLKmCBFNYhXeLKI:YEUDtqUTGLFY5TGLF1pcDtqUXeLKmOe8
                                                                                                                                                                                                                                                                                                    MD5:A74BE64269EB6C7FDBE68F89DA4B4E7B
                                                                                                                                                                                                                                                                                                    SHA1:7CADCCB92FFE353C492720F12A0A7993434A888B
                                                                                                                                                                                                                                                                                                    SHA-256:5D4EB0BFAE32AFB6B300D7E8B02DD6810DD3853782889091B6B783C7F90843D6
                                                                                                                                                                                                                                                                                                    SHA-512:1E6D581D8DC7510470C3746BCBD9374B06E6F9F7916B7FB7545742BF7E8F78CECDFA5A40615AA27C49AE19001081780CDA7B4CBE8CF7799F829F586A05B56316
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:..s6c...............Rmhjfbmdgcfjbbpaeojofohoefgiehjai.declarative_rules.declarativeWebRequest.onRequest.[]..taN...............=pcapp.store.declarative_rules.declarativeWebRequest.onRequest.[]....d...............Smhjfbmdgcfjbbpaeojofohoefgiehjai.declarative_rules.declarativeContent.onPageChanged.[]k.XkO...............>pcapp.store.declarative_rules.declarativeContent.onPageChanged.[]
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):283
Entropy (8bit):5.115338886504929
Encrypted:false
Malicious:false
Preview:2024/01/16-21:16:56.236 16a8 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Extension Rules since it was missing..2024/01/16-21:16:56.247 16a8 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Extension Rules/MANIFEST-000001.

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:data
Category:dropped
Size (bytes):38
Entropy (8bit):1.8784775129881184
Encrypted:false
Malicious:false
Preview:.f.5................f.5...............

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
Malicious:false
Preview:MANIFEST-000001.

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):287
Entropy (8bit):5.079002149474738
Encrypted:false
Malicious:false
Preview:2024/01/16-21:16:48.133 1f0c Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Extension Scripts since it was missing..2024/01/16-21:16:48.222 1f0c Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Extension Scripts/MANIFEST-000001.

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......

Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCT
                                                                                                                                                                                                                                                                                                    MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                                                                                                                                    SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                                                                                                                                    SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                                                                                                                                    SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):283
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.032119623267034
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6:HmPo+RM1N723bTWQ8Yg2KLltmPpZ8Iq2PN723bTWQ8NIFUv:H3usaOQqLvjIvVaOQpFUv
                                                                                                                                                                                                                                                                                                    MD5:AA47D836443B9AF881E315A89B47D6D9
                                                                                                                                                                                                                                                                                                    SHA1:80827E1BEB5D4FE7D7A416C74AFDB436B7DA204E
                                                                                                                                                                                                                                                                                                    SHA-256:700E8E84F15745B7B731C86F7F264B9E0AE89CE61AFF4CAE24F528D74064106F
                                                                                                                                                                                                                                                                                                    SHA-512:187E5668C7FD11D37914BDDA925F51E7C83171D086086FF7A7C72574CB53A6E7B12C8E09339376D6878A0175D83DE33E3E48FDE4F4BA250D737A3BDD1BF36835
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:2024/01/16-21:16:49.032 1ee4 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Extension State since it was missing..2024/01/16-21:16:49.102 1ee4 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.4641422808496767
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:7BCyoE4Dx1OsdB2Fb9wCJICCOhIOUwVrVL:9NML1C7
                                                                                                                                                                                                                                                                                                    MD5:839E26D1DC8137E0CA3340749C319E82
                                                                                                                                                                                                                                                                                                    SHA1:334ECD72419DB8C3F40A0C0C5E5F45F244117034
                                                                                                                                                                                                                                                                                                    SHA-256:E60D3DF49BE633DB80C2A7024EFFDD7D524BE3FC4448A890DFB2B0073C65DE78
                                                                                                                                                                                                                                                                                                    SHA-512:2D754578184CBBF97DF15CE7A0B670E8A0A39C3C2C19B61180B9E7539A5DE0AC57CCF1F9A79334C610C62BC4BB61D46902C8CABD0B6290C125FF9BE504402833
                                                                                                                                                                                                                                                                                                    Malicious:false
Preview:SQLite format 3 ... indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:LsNl0IKt/:Ls30IKt/
                                                                                                                                                                                                                                                                                                    MD5:52B4EA3CD48E35A96109940DFF52132F
                                                                                                                                                                                                                                                                                                    SHA1:F2B60A17DA40F1ABFEB455EB0D9F38B446074133
                                                                                                                                                                                                                                                                                                    SHA-256:1E90ED16417B4E3B19262E66FD9F0CAFAB00C9174134A30CD805453787B02B5E
                                                                                                                                                                                                                                                                                                    SHA-512:128D92A83972F0D20BF2BBB44C16D04D1D8E21995CC7D090A8BBF3FDD7F5532A8CC2879F8BFECCADC73B3C7C57291233B89680BC7B0B082BB1B78F8C5A4F401A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):151668
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                                                                                    MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                                                                                    SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                                                                                    SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                                                                                    SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):151668
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0550957398929903
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:YcFpCkgfvMbb555555555555555555555555555555555555555555555555555O:YepCb8bBvK
                                                                                                                                                                                                                                                                                                    MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                                                                                                                                    SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                                                                                                                                    SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                                                                                                                                    SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):155648
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.6642649644137798
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:192:udiq+YQ+bF+UI3i7cayZudV0R3qLkjpR3:udiq+YDkUI3i7EEA3qL2R3
                                                                                                                                                                                                                                                                                                    MD5:46314F170B3C1DA2C98B3DD9CEEBC982
                                                                                                                                                                                                                                                                                                    SHA1:750D37C618DA5C46B57BA7E7C695C7CDBE71BFAE
                                                                                                                                                                                                                                                                                                    SHA-256:6821372FD18A7D072460E9FA5A0DFA1493FA602AC7DEC095EBDB2413212A262A
                                                                                                                                                                                                                                                                                                    SHA-512:C5180384FE8DFF58F4CB1FCA617A58BEA98316F9EC5073E99F9517943D2896E3B78FF6D3562AAD7C1738A2A4FEC7BA1535603984E5CDEB25F0799AEF6A1CFFE9
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8720
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.21916490374438005
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:SVxllntFlljq7A/mhWJFuQ3yy7IOWUInvol/dweytllrE9SFcTp4AGYcm5V9RUIt:mC75fOunwl/d0Xi99p5LT
                                                                                                                                                                                                                                                                                                    MD5:8CAA1A45A24FB8B13B12B65CF0FC6820
                                                                                                                                                                                                                                                                                                    SHA1:46C4176A926CC433C2232E5D55C1C5A298E86AC3
                                                                                                                                                                                                                                                                                                    SHA-256:5BF511F393541020087C3C5777BC18E55BEB2F5D8A91B93DECED5467784EDCE6
                                                                                                                                                                                                                                                                                                    SHA-512:B5F4E4EC57063603DCEC7ABFE38B90F2BDBFDAEEF1A558467E5152B40991AD795B0133E13D5ED54E2F7AB0C2075B1E137EE42AD025AB9645F193707ADB291C6F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):295
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.163457492201472
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6:HmPS6q1N723bTWQ8a2jM8B2KLltmP+MVq2PN723bTWQ8a2jMGIFUv:HZ6aaOQ8jFLvaVvVaOQ8EFUv
                                                                                                                                                                                                                                                                                                    MD5:FDD041CC44C367755458C39D0EED5E54
                                                                                                                                                                                                                                                                                                    SHA1:7FE8E718761FC4642E6FD707B6E54362C626E205
                                                                                                                                                                                                                                                                                                    SHA-256:2176D74D4200F246D4FFEC3A6B3182061487AFA743F3CA65BF5D301FA9D5C708
                                                                                                                                                                                                                                                                                                    SHA-512:B1B0D8B6B6E9E2C647F7C8AE296F9D44CC62743B4AB951945E0C538EA6EA2B40F0A730CD506D10A8EC5922ADE98E9A7E286A7E3BDE5B0F86479E06152F796156
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:2024/01/16-21:16:49.847 1b60 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Local Storage\leveldb since it was missing..2024/01/16-21:16:49.865 1b60 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, page size 2048, file counter 1, database pages 23, cookie 0xd, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):47104
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.7964031834322436
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:FSXNKLyeymwHCn8MouOFlRGiZqYtFTCG:FSfHG7qqifTCG
                                                                                                                                                                                                                                                                                                    MD5:8F5942354D3809F865F9767EDDF51314
                                                                                                                                                                                                                                                                                                    SHA1:20BE11C0D42FC0CEF53931EA9152B55082D1A11E
                                                                                                                                                                                                                                                                                                    SHA-256:776ECF8411B1B0167BEA724409AC9D3F8479973DF223ECC6E60E3302B3B2B8EA
                                                                                                                                                                                                                                                                                                    SHA-512:FDE8DFAE8A862CF106B0CB55E02D73E4E4C0527C744C20886681245C8160287F722612A6DE9D0046ED1156B1771229C8950B9AC036B39C988D75AA20B7BAC218
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, page size 2048, file counter 1, database pages 23, cookie 0xd, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):47104
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.7964031834322436
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:FSXNKLyeymwHCn8MouOFlRGiZqYtFTCG:FSfHG7qqifTCG
                                                                                                                                                                                                                                                                                                    MD5:8F5942354D3809F865F9767EDDF51314
                                                                                                                                                                                                                                                                                                    SHA1:20BE11C0D42FC0CEF53931EA9152B55082D1A11E
                                                                                                                                                                                                                                                                                                    SHA-256:776ECF8411B1B0167BEA724409AC9D3F8479973DF223ECC6E60E3302B3B2B8EA
                                                                                                                                                                                                                                                                                                    SHA-512:FDE8DFAE8A862CF106B0CB55E02D73E4E4C0527C744C20886681245C8160287F722612A6DE9D0046ED1156B1771229C8950B9AC036B39C988D75AA20B7BAC218
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 9, cookie 0x5, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4132400259972371
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:TLFPD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFS:Tl/qALihje9kqL42WOT/9F
                                                                                                                                                                                                                                                                                                    MD5:A8124BC052467DA4295F19B31C2DB8A3
                                                                                                                                                                                                                                                                                                    SHA1:834ECD8B28032931D2B794EAE6FA11F9805B2A3B
                                                                                                                                                                                                                                                                                                    SHA-256:7B0C9BAEC8926E2C4153528B3652505EC3E025D681B319E43CFA380E8045D2C3
                                                                                                                                                                                                                                                                                                    SHA-512:D882449980DF349FF6C4D63FA1077A092CF83CEFFFE07A6089646111FE5076E3DC11EFF5469382CF783EC6EF61158D419892E61A7CB9C723E8B24142BF8CAEFA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):705
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3585500082372315
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:YHO8sqZAdsBZlj1KToIFGU9Vz1an8sqZA35sBZmrYJ5wr67g2Hp9ubcP7E4T3y:YXsmZloToAH31sCZyYXwoHqbA7nby
                                                                                                                                                                                                                                                                                                    MD5:BAFADD6C8880AA891106F6EB1ACB5306
                                                                                                                                                                                                                                                                                                    SHA1:BF9E179F88602C1D478AC8ECFDB8EBC374A5C05E
                                                                                                                                                                                                                                                                                                    SHA-256:8FBF4F380C4D72DD67C8817D575B6849D0F2B0380A5189E626F56CA2E737EDDE
                                                                                                                                                                                                                                                                                                    SHA-512:2ECCC54DF98123F53C07F099258FE8A26C0120BC7979CB07F3190A3BB4AF4780B98A3E0E2878270762DD3027D64EF39982808C191DD89C343DD99CF5DEEE2768
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352501830623789","port":443,"protocol_str":"quic"}],"anonymization":["MAAAACsAAABodHRwczovL29wdGltaXphdGlvbmd1aWRlLXBhLmdvb2dsZWFwaXMuY29tAA=="],"server":"https://optimizationguide-pa.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13352501817105635","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB4AAABjaHJvbWUtZXh0ZW5zaW9uOi8vcGNhcHAuc3RvcmUAAA=="],"network_stats":{"srtt":93050},"server":"https://fonts.googleapis.com"}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.6659001735196164
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:TLyhF1kwNbXYFpFNYcw+6UwcQVXH5fBuZEXLNyDH9jXLD:TehFawNLopFgU10XJBuZUyDx
                                                                                                                                                                                                                                                                                                    MD5:460FABBF1CD885EDE5AEDCCCD8135B84
                                                                                                                                                                                                                                                                                                    SHA1:8557A7AEDBC43A6558F279536F226478132AE4B3
                                                                                                                                                                                                                                                                                                    SHA-256:6C72DBBF9EF219BA724F01C3013C96C7CC0B9CF59E32023FA67E6A810918360C
                                                                                                                                                                                                                                                                                                    SHA-512:B86D0D82A1A41478DFBE48918AF1854DD2A805288B2AE8A498D6A62977E1B54E50CC39CF5A743828D280BFD3403A920B9C8C331DC0929E097F8DE58EDE4578AE
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):59
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                                                                                                                    MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                                                                                                                    SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                                                                                                                    SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                                                                                                                    SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.555339519516384
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:48:TvIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:TIEumQv8m1ccnvS6
                                                                                                                                                                                                                                                                                                    MD5:877F00554179F0C5A393C9C98E8EE4D4
                                                                                                                                                                                                                                                                                                    SHA1:59CBCFE99E0BCA2280259A49295AEA04E34A515F
                                                                                                                                                                                                                                                                                                    SHA-256:3F2F7606E2A6C1D636EE32851EA6B163B153907E6A3AC0E41390549B9F4839AF
                                                                                                                                                                                                                                                                                                    SHA-512:EC39CE598EDA495737CCC93357252767B4C191102FDFBE7B252E8944D7D73CDA13791D5DF94F31AC6C4E2371EB7B2FA3EC39B033E938974F72921FDEBCEDFABE
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.3645556383604875
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:TLeB3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:TyB31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                                    MD5:D81031DC96ADEB541E9DCFFDD9D5A08A
                                                                                                                                                                                                                                                                                                    SHA1:419595AF7B4B7231D15DE635A5FFEFC746D9EDCF
                                                                                                                                                                                                                                                                                                    SHA-256:A1431D11F41EAE53C6513FC2FDD5E1C011FDB3A7541FE018C8534A43309BC2F5
                                                                                                                                                                                                                                                                                                    SHA-512:9629D1B3F923165795E062EE3AF73EF6AA98F59B61F98B4F2F40A6AD2697C90C4F742237D753D635C130E83A016771F9C745B85ADA5727A1A218931276080D85
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3570
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.007876422450202
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:rq0tOlfRxWJJdaiZRy7Dx+6MSmueg+O2Mzn:r5OP0Jzasyh+Fw5Pzn
                                                                                                                                                                                                                                                                                                    MD5:319F820D3951D2C33226601B594C30D4
                                                                                                                                                                                                                                                                                                    SHA1:FF2F1DE3AAD581842C4E1E016F0AD401B2384D8C
                                                                                                                                                                                                                                                                                                    SHA-256:3C321B5CC84796A5C5840AFF1E036555FBE161D55775E54421B9FE6B1A5A8CFD
                                                                                                                                                                                                                                                                                                    SHA-512:1B3BA59F9355A4D66F93974D4A83E92F89404A349ADB2C6CD2210D5460A33F318E0BD1270BDE7749E248EA4D43794E2E9328667EF7BB0767B96CD7F4E230F77C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13349909808622772","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13349909808106586","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":110},"browser":{"has_seen_welcome_page":false},"commerce_daily_metrics_last_update_time":"13349909808612177","countryid_at_install":17224,"dips_timer_last_update":"13349909816176743","domain_diversity":{"last_reporting_timestamp":"13349909808617934"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"110.0.5481.97"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"c6febb58-61b7-412a-abc2-db65ddb7c33f"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"media":{"device_id_salt":"DD78EF6DE3C413C010F47D72DA62AAFA","engagement":{"schema_version":5}},"media_router":{
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3570
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.007876422450202
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:rq0tOlfRxWJJdaiZRy7Dx+6MSmueg+O2Mzn:r5OP0Jzasyh+Fw5Pzn
                                                                                                                                                                                                                                                                                                    MD5:319F820D3951D2C33226601B594C30D4
                                                                                                                                                                                                                                                                                                    SHA1:FF2F1DE3AAD581842C4E1E016F0AD401B2384D8C
                                                                                                                                                                                                                                                                                                    SHA-256:3C321B5CC84796A5C5840AFF1E036555FBE161D55775E54421B9FE6B1A5A8CFD
                                                                                                                                                                                                                                                                                                    SHA-512:1B3BA59F9355A4D66F93974D4A83E92F89404A349ADB2C6CD2210D5460A33F318E0BD1270BDE7749E248EA4D43794E2E9328667EF7BB0767B96CD7F4E230F77C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"account_tracker_service_last_update":"13349909808622772","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13349909808106586","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":110},"browser":{"has_seen_welcome_page":false},"commerce_daily_metrics_last_update_time":"13349909808612177","countryid_at_install":17224,"dips_timer_last_update":"13349909816176743","domain_diversity":{"last_reporting_timestamp":"13349909808617934"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"110.0.5481.97"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"c6febb58-61b7-412a-abc2-db65ddb7c33f"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{},"8181035976":{}}},"media":{"device_id_salt":"DD78EF6DE3C413C010F47D72DA62AAFA","engagement":{"schema_version":5}},"media_router":{
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):33
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.051821770808046
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                                                                                                                                                                    MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                                                                                                                                    SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                                                                                                                                    SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                                                                                                                                    SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):162
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.273886413532386
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgFL8CPAzkmM:KrsUpAQQgHGwB26MK8Sw06fXQmWtRAI+
                                                                                                                                                                                                                                                                                                    MD5:44028E0E05F8498268AA16B5D1BF19FF
                                                                                                                                                                                                                                                                                                    SHA1:1C241C407F2903727920B5069C4582F5D33369C8
                                                                                                                                                                                                                                                                                                    SHA-256:2952D4AD35DC8E19F3D10CEFA90B832EB3923B88C472A22F6FD57D4A5CF84E74
                                                                                                                                                                                                                                                                                                    SHA-512:A8F677CFB8EB25A8A8287AB2ADCF72932FF9AEBFC54EACF55034342BFFA10A212C487B11895C005605737569C24800F5EA82AA9A3FDAED10FD084E897A8FF2C4
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:nwjs settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through nwjs defined APIs.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4977
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.472464653784687
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:Vs1iPW7VaTLCX539dBUoEqHsfhVwSpsA5IOrMn3YPo0MG6+ZXb:relJlYzwSpFIOAn3go0iur
                                                                                                                                                                                                                                                                                                    MD5:7B75433EB797BD474E6F5DB812187135
                                                                                                                                                                                                                                                                                                    SHA1:81AFCC1F71E49705DD0BAF677348493BD1E14874
                                                                                                                                                                                                                                                                                                    SHA-256:658075D8C0DEB132B7E5DF4A6E22ED8B59853744B94106D0679AA545CD11FD60
                                                                                                                                                                                                                                                                                                    SHA-512:601B187D333E1E89B922E2CFA78077493244252641C5D27595AD34853EDEB7E346A2358AC6F14E53DA1F4E455851C9DC200A5E999513B0EBE532454EADFC6318
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13349909808124379","from_webstore":false,"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13349909808124379","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVw
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                    Size (bytes):854
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.124252801676464
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:RaDfCKJElWVvzmMOaYLsJyEElCXbYWi6DKQJX6bM:SusJ6WieKgt
                                                                                                                                                                                                                                                                                                    MD5:013C365D05D9C475F54BB88D3F8B11A7
                                                                                                                                                                                                                                                                                                    SHA1:99E779EB610C0AB263ADDF85DB22722675F096FB
                                                                                                                                                                                                                                                                                                    SHA-256:4DD53EEEBC2FA8ACD245ECE743CD2B30C4BED17FBE53733C4EF0ECBCBE3D1714
                                                                                                                                                                                                                                                                                                    SHA-512:ADC3B2AEF3A6FE15B81D887513F4637E651B5939B7C100D5F87755D2848D804D4AC0BC26D4FCE9BCD2359411F744519CC172C17959EA280807CCAD0D16C064E1
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:*...#................version.1..namespace-...m................next-map-id.1.Nnamespace-14a5c79f_71d3_4b2f_a17f_cee6d7a69e20-chrome-extension://pcapp.store/.0[7Y.m................next-map-id.2.Nnamespace-a24ba2ed_57a1_4f85_880e_6465049a8c82-chrome-extension://pcapp.store/.1.k.Cm................next-map-id.3.Nnamespace-dbcced0f_d7c5_40a6_b055_ef2575da68d9-chrome-extension://pcapp.store/.2...ym................next-map-id.4.Nnamespace-c9b20eb8_da0c_484c_b78f_f87cb6cffc50-chrome-extension://pcapp.store/.3eNz.m................next-map-id.5.Nnamespace-bf005aa7_a1a6_4a34_90f9_8cc10527803d-chrome-extension://pcapp.store/.4{...m................next-map-id.6.Nnamespace-34d7cf38_6562_4053_8232_776d7a672067-chrome-extension://pcapp.store/.5iqN.m................next-map-id.7.Nnamespace-0af3d855_b31c_4a7f_b600_f551fb169e15-chrome-extension://pcapp.store/.6
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):283
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.048177123192525
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6:Hmwhq1N723bTWQrQM72KLltmwkXVq2PN723bTWQrQMxIFUv:HnhaaOQ/Lvn2VvVaOQCFUv
                                                                                                                                                                                                                                                                                                    MD5:BFB5B5D6B06082DBD7B8B89845C138C0
                                                                                                                                                                                                                                                                                                    SHA1:0FBA2A5B78D01A76A9674BB62C247954E67A7B45
                                                                                                                                                                                                                                                                                                    SHA-256:4CE1A95929AA36BF5B1BD23E510ACC0027E3E0E43D11FE5E4765F56590F67003
                                                                                                                                                                                                                                                                                                    SHA-512:77B2F30325E4A0057B299B4971E5060E6A83DB0D01040038A881C0B334961229AD6CC2E5FE7FFB39D251D2067556E435572D8CA42B934D2962C472A68AAEE804
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:2024/01/16-21:17:04.707 1b60 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Session Storage since it was missing..2024/01/16-21:17:04.742 1b60 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Session Storage/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):11495
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.5003152888438587
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:192:3CilumETZjlctET3foOQCekYm7k8L/psTURP83hdEC1LTFGJpE5555FYC:du0gcLr
                                                                                                                                                                                                                                                                                                    MD5:AB908C86F59302BF03E9473FAEA2EFFC
                                                                                                                                                                                                                                                                                                    SHA1:EAE57D46CCCFD2241638D4441818D1E09F446F00
                                                                                                                                                                                                                                                                                                    SHA-256:6C40EC599489FECF262636E108DE22F5257257E6CB702C76DA03F3EC5FA28A01
                                                                                                                                                                                                                                                                                                    SHA-512:87AAE6E62634CE765393AFFFDA8C15D3E695A27CB0B1540F166BA91C32ECEBA5355D3EEC9E9418077FB269B95066C172DB599729890FFAC77846B138FDD98199
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:SNSS.........Bw....!........Bw...._nwjs_pcapp.store............Bw...... ..Bw.........Bw.........Bw....!....Bw.................................Bw..Bw1..,.....Bw$...14a5c79f_71d3_4b2f_a17f_cee6d7a69e20.....Bw.........Bw.......U.........Bw....A..<.....Bw....)...chrome-extension://pcapp.store/index.html...................x............................................................................................................... .......8...............0...............................................Z...)...c.h.r.o.m.e.-.e.x.t.e.n.s.i.o.n.:././.p.c.a.p.p...s.t.o.r.e./.i.n.d.e.x...h.t.m.l.......................................8.......0.......8....................................................................... .......................................................P...$...1.1.a.6.a.b.a.9.-.5.d.0.0.-.4.e.d.f.-.b.8.3.c.-.8.e.8.a.8.e.3.0.9.b.b.f.................P...$...b.2.c.6.f.0.3.a.-.6.8.c.c.-.4.c.a.0.-.9.8.d.8.-.a.9.0.b.8.b.3.c.d.d.f.8.................)...chrome-extension://pcapp.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.4409107683883282
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:TLiNvcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLiRVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                                                                    MD5:E4C98D45E6A2654B3E22BAB457F92558
                                                                                                                                                                                                                                                                                                    SHA1:C741CB53883D507F040398DB2C3B6B4EC3F03E1E
                                                                                                                                                                                                                                                                                                    SHA-256:0F2A89E04E5098CCB115BC8111CAAA2BBC15F6097F26B26866E65BC23C100902
                                                                                                                                                                                                                                                                                                    SHA-512:E38004DC59E74EBE0DAD029D59FC1F2A24B8BFE5A81EEAAC4C8E5A7752B5DC32064DE46A6DD2E5304353E3CECEF00BC7A30C8DFB114B8978D1FC8A4F7452DB01
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.473726825238924
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:41tt0diERGn:et084G
                                                                                                                                                                                                                                                                                                    MD5:148079685E25097536785F4536AF014B
                                                                                                                                                                                                                                                                                                    SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                                                                                                                                                                    SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                                                                                                                                                                    SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.On.!................database_metadata.1
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):311
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.015967761105455
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6:HmP+hHM1N723bTWQ7Uh2gr52KLltmPKyq2PN723bTWQ7Uh2ghZIFUv:HXNsaOQIhHJLv7yvVaOQIhHh2FUv
                                                                                                                                                                                                                                                                                                    MD5:C751FA25C1C456B03952F656BCAD9334
                                                                                                                                                                                                                                                                                                    SHA1:59B87DD152A287576B50164194C8C0AAE29D912B
                                                                                                                                                                                                                                                                                                    SHA-256:1144186BA511AF201CEBF4C4CB1117DC52DF88AB1F5C935DED56ECAE2BF001A2
                                                                                                                                                                                                                                                                                                    SHA-512:88B243F8383950E04389324C8600591A6CB2116FF404B0F9D8D68E5B8061782DA05D28F19B0EC140B51BA81E50C5EFA9CA384AAA05C62772C9F899B16520666E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:2024/01/16-21:16:48.127 18a4 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Site Characteristics Database since it was missing..2024/01/16-21:16:48.252 18a4 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):46
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.019797536844534
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                                                                                                                                                                                    MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                                                                                                                    SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                                                                                                                    SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                                                                                                                    SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):287
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.0855674447213115
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6:HmP+dUM1N723bTWQBx2KLltmPu4ROq2PN723bTWQpIFUv:HXdUsaOQBVLviMvVaOQmFUv
                                                                                                                                                                                                                                                                                                    MD5:912C4CD030ACF5AE9C4DF57E1C91938D
                                                                                                                                                                                                                                                                                                    SHA1:4DEE1D5D089CA58584194D0A4D266630CC85CAD4
                                                                                                                                                                                                                                                                                                    SHA-256:6A259F045C286A391C8D312FAB1327155A8846ABF6FA602C172A3A9604E62531
                                                                                                                                                                                                                                                                                                    SHA-512:9E8083B51ADFCFB0D884087ED64BF26A6543F6F20DFA65286027E21954402A9F66BD0A3CD322021CFE7995EAB5A2B4ADA70A64EE521596D2B5F1E1A4B261B94F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:2024/01/16-21:16:48.124 1e84 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB since it was missing..2024/01/16-21:16:48.222 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.37460830156582714
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:TLiNPCZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSbdccog2PccogL:TLilCZwE8I6Uwcco5fBr2hL
                                                                                                                                                                                                                                                                                                    MD5:F0613BFDA3D73C759C0CE5241F69F227
                                                                                                                                                                                                                                                                                                    SHA1:57F4FE1D1A13EB7DF991AFE91DA41A35C22EED65
                                                                                                                                                                                                                                                                                                    SHA-256:21FBF02C06D19C619CB1104E7E7D5D57DC8B3927A0BD02970D791C1ABF71E445
                                                                                                                                                                                                                                                                                                    SHA-512:BC3873BC125775324DC8E4B3523A1521C9D547B4ECB8FC85321FF1772B415CB930B3CB80553A1A9C7D2F2CE8C574E93E7E874A3191D590208D86DE7C85BBF385
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................c..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):131072
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.010899916777205828
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:ImtVdJw/cePaEBNTdY8lll18lLwiRl1hYebgl/ljW:IiVM0QJnlN8lMiP1v6
                                                                                                                                                                                                                                                                                                    MD5:0233490BC3FF771A175B86AFC98D6FDA
                                                                                                                                                                                                                                                                                                    SHA1:45A1EB044AD0FDF7270F90E13DCA831877BAFF56
                                                                                                                                                                                                                                                                                                    SHA-256:021116B066CD9699222FF37D005687DCD26AD2DFF2DC0A3073110C860B5505FD
                                                                                                                                                                                                                                                                                                    SHA-512:F93C0147EF1FF9AFC24D5D9A05D721EB75F081D26E4C3EB2D3991B9DC974FF08543CBCD9C9E0682441468ABBB05730923F7CAF8C83F659ACF2FDF288F378A30F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:VLnk.....?.......B....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):184555
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.04582850806131
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:8uTjY+ahgiggigiBBD1NvVAZ/mdJgoX1vY4Y9F0sYea7/Ir0MP4Fh2B1:/TM+aMLVAEdJgoX1vY42F0sYzAr5Pum1
                                                                                                                                                                                                                                                                                                    MD5:45CE98F02218587ED5BA55A95932DE6E
                                                                                                                                                                                                                                                                                                    SHA1:C18F527A894709B63BED76A20BDC0FF149424D71
                                                                                                                                                                                                                                                                                                    SHA-256:BD29DFB2BE0185695FC012F92E85BF6626CE7A1C8BD8F728E998EFA63BF1DFE7
                                                                                                                                                                                                                                                                                                    SHA-512:CD336F76060F2595E54E80F6EA04844F73795FDE7EDA0093D7EDC439624C050A649168554B283888DD94DE187774388C2C5E1F5678985694761F26E27454C7DC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.875
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:tMfM:ifM
                                                                                                                                                                                                                                                                                                    MD5:D5E6121F86812CC7AE58EFC4F9CEACBB
                                                                                                                                                                                                                                                                                                    SHA1:3DFB06418220ED62AB46B473BC4AB269FF4F7E33
                                                                                                                                                                                                                                                                                                    SHA-256:05F173BBB3D564E2DA3D496C4298B69C3506771A30238EB5285F1CD9DF00E3C0
                                                                                                                                                                                                                                                                                                    SHA-512:88C5C1B06DDCAC46D53E1CAD013FEC4FB789F97589F294A076BE3CC7AC1C10ED9EA0A1C3A11F9F9499EFE01420917CA14348BE74DC2CD1C8CDB4313783123740
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, page size 2048, file counter 2, database pages 50, cookie 0x22, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):102400
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.2588377503228396
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:192:L/UbavrNdV9bH9ITj8bGpnYANq6VhVumbM6Qa:TAavrbV9D9knYANq6HVumgda
                                                                                                                                                                                                                                                                                                    MD5:5DACACA99C4B628E6F6EFC52C0B22FDC
                                                                                                                                                                                                                                                                                                    SHA1:018BB2C7A13E91E6F79A8B4BAAACECA72CC7BEFA
                                                                                                                                                                                                                                                                                                    SHA-256:D0A707145AD1BEC595C66ECB0E544257FA00229E5D127C2AEC1AA9014068FB89
                                                                                                                                                                                                                                                                                                    SHA-512:004B1FE7277794D427394A2F8E3E673A697FE67CA345AE915EA67BFBA35F7E974519B8259ECC20A3E0879638AA681B8A6CA9A00D0A8B43B7CD5954BC2F440210
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4977
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.472464653784687
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:Vs1iPW7VaTLCX539dBUoEqHsfhVwSpsA5IOrMn3YPo0MG6+ZXb:relJlYzwSpFIOAn3go0iur
                                                                                                                                                                                                                                                                                                    MD5:7B75433EB797BD474E6F5DB812187135
                                                                                                                                                                                                                                                                                                    SHA1:81AFCC1F71E49705DD0BAF677348493BD1E14874
                                                                                                                                                                                                                                                                                                    SHA-256:658075D8C0DEB132B7E5DF4A6E22ED8B59853744B94106D0679AA545CD11FD60
                                                                                                                                                                                                                                                                                                    SHA-512:601B187D333E1E89B922E2CFA78077493244252641C5D27595AD34853EDEB7E346A2358AC6F14E53DA1F4E455851C9DC200A5E999513B0EBE532454EADFC6318
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13349909808124379","from_webstore":false,"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13349909808124379","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVw
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.3513252310376085
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12:TLC7waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLidBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                                                                                                                                                                                                                                    MD5:814DE6A67C3E0E49BFF923A5708570EE
                                                                                                                                                                                                                                                                                                    SHA1:3C470262F4EE6B51210AD97511BAB2BBB61D1387
                                                                                                                                                                                                                                                                                                    SHA-256:E90AE74FE4F9EE41A6B65AB0E7E85C180530CCC1A1DF761984D9D4A2FB22AAA6
                                                                                                                                                                                                                                                                                                    SHA-512:B00B946409D6A3176AD157216F8894A03B0415CCEB3FD7D465A855C24DD18C3892C48E42D07FAAB9FF086D02E475419FCA014BEBD9850D40F0967F9B24581459
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                    Size (bytes):2117
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.284975095488851
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:48:nlxogQZPJvBHRH6MYjMYtyQe9FjAlkfAlkBSLTgyLTgYfFeVni/+/+/+/:n8gQHiMYjMYwjYcYFTgsTgS/+/+/+/
                                                                                                                                                                                                                                                                                                    MD5:6B887088E419F6C8E3F2602AE8F9D3B8
                                                                                                                                                                                                                                                                                                    SHA1:85C1884EC1A0E56E4C270C0AB1599B9510165982
                                                                                                                                                                                                                                                                                                    SHA-256:BE8DDB32350B70EA3047B3D8A4802422F0EF2B4145D0AF26381E22114C8EEDAD
                                                                                                                                                                                                                                                                                                    SHA-512:87408D1DFF3AEE05F9B803E8FCBEB9E9F471F80A9E7EA13EDF87EBD2152773B6D66C36028C178AEBB3E7BB3805A00765CAE76B211FCA5CAC78F9194794A49A5F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.f.5...............A..r.................20_1_1...1.....................4_IPH_BatterySaverMode...IPH_BatterySaverMode......4_IPH_DesktopTabGroupsNewGroup"..IPH_DesktopTabGroupsNewGroup.....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo......4_IPH_GMCCastStartStop...IPH_GMCCastStartStop......4_IPH_HighEfficiencyInfoMode ..IPH_HighEfficiencyInfoMode......4_IPH_LiveCaption...IPH_LiveCaption......4_IPH_TabAudioMuting...IPH_TabAudioMuting......4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage......4_IPH_PerformanceNewBadge...IPH_PerformanceNewBadge.....-4_IPH_PriceTrackingPageActionIconLabelFeature1.+IPH_PriceTrackingPageActionIconLabelFeature......4_IPH_TabSearch...IPH_TabSearch......4_IPH_WebUITabStrip...IPH_WebUITabStrip......4_IPH_DesktopPwaInstall...IPH_DesktopPwaInstall......4_IPH_ProfileSwitch...IPH_ProfileSwitch......4_IPH_DesktopSharedHighlighting#..IPH_DesktopSharedHighlighting......4_IPH_PriceTrackingInSidePanel"..IPH_PriceTrackingInSidePa
Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Uv:1qIFUv
MD5:46295CAC801E5D4857D09837238A6394
SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:false
Preview:MANIFEST-000001.
Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):283
Entropy (8bit):5.135715545519091
Encrypted:false
SSDEEP:6:HmPvsHM1N723bTWQfrl2KLltmPpUpyq2PN723bTWQfrK+IFUv:HzsaOQ1LvXpyvVaOQ23FUv
MD5:587209DF8147222713B1CDD9BBAC793F
SHA1:FF345E74EA5C86ED6E0EFC0087AA20B7908E7272
SHA-256:B247D6DB82B113487FB982B015AB882487BEAE63304110A98B2905D8FDA48C66
SHA-512:8C64CF1F0637A3E155FCEEC9080ADC8570D1F38E88213960035D4A5F62D71A8CC82A2B19CDC4C1821826BC44DCC8DB996752DA404CFD0A12EC8B255473B0A748
Malicious:false
Preview:2024/01/16-21:16:49.007 18a4 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\shared_proto_db since it was missing..2024/01/16-21:16:49.112 18a4 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\shared_proto_db/MANIFEST-000001.
Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):41
Entropy (8bit):4.704993772857998
Encrypted:false
SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:false
Preview:.|.."....leveldb.BytewiseComparator......
Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:data
Category:dropped
Size (bytes):787
Entropy (8bit):3.979910497969569
Encrypted:false
SSDEEP:12:G0nYXQWjW+etq4l3nb/Z78gMWlJhvHDfLlzeVL/RG0lbmtQsaxe0:G0nYgWK6ojZ7PvhrTML5psa40
MD5:2B2FFE6FA3845FB8085246550BBBA74F
SHA1:F3B8A329F16BAA3FFED6EB7E32B566F911EF5778
SHA-256:FA727D0F859601B4620919A9FD3B203035707EA4A71DA83E0D0AFD0D8B7E57C4
SHA-512:51FF4D3362DF97D7CA9FE2DAE9AB22FBECE3B8DE5770E5567851DF4AF28A55F0FCD5AD5DE6E24AC139715864533D2D714009C77CB6D22F510BE340A1E96A3867
Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.h.6.................__global... .t...................__global... ...w.................44_.....B....................33_.........................44_......'..................33_.......fA.................41_.....s....................41_......6...................20_......c...................19_.....5oP..................3_.......\4.................4_........].................20_.........................37_.........................38_.....$H..................39_.......1..................19_.....N../.................3_.......,..................4_......w.|.................20_.....)..>.................37_..........................38_.....h.#..................39_.....Xp...................21_.....T...................21_.....)..................9_.....j.o..................9_.....
Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
File Type:ASCII text
Category:dropped
Size (bytes):301
Entropy (8bit):5.098588825863623
Encrypted:false
SSDEEP:6:HmPlzHM1N723bTWQfrzs52KLltmP2yq2PN723bTWQfrzAdIFUv:H8LsaOQs9Lv7yvVaOQ9FUv
MD5:F0C8C9F1F16FA1C5F085A401823ADB16
SHA1:EE4747C1962072F4AEC483D66082BCCEAFCBEAC2
SHA-256:9969FFE1DECA1FD5BAD2D134957375DE27D2EA14B0763DA24DA1069F6322D7D1
SHA-512:8E36FF58DBBE2FA338126304095A355E4EFDB1AAECA0877C608E6D743D7CC8D7656D6AB1E71D4BF5C7B09CBEFCD1A38E1D13F1790FFC02F67DF83ED08F4C3288
Malicious:false
Preview:2024/01/16-21:16:48.616 18a4 Creating DB C:\Users\user\AppData\Local\pc_app_store\User Data\Default\shared_proto_db\metadata since it was missing..2024/01/16-21:16:48.832 18a4 Reusing MANIFEST C:\Users\user\AppData\Local\pc_app_store\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:LsNlZIu/:Ls3Zd/
                                                                                                                                                                                                                                                                                                    MD5:1F108C23698EDE87847EED121ACB2086
                                                                                                                                                                                                                                                                                                    SHA1:2294DDCADE5BE2F6D2785C8A087EE859EF415906
                                                                                                                                                                                                                                                                                                    SHA-256:C6981544B013C4063CCBB6D8AC8229C48626A38C318569428B34AF0473F88C58
                                                                                                                                                                                                                                                                                                    SHA-512:2E514067811B67AD61E474061F6063544165C350539AA461D5FB6E5CBBAD71BD5085514F307E440665D425EAAACB8F22324220FBD7B95879DD532AE27A0C6A82
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):92
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.0621665435002425
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:aGjLlA6maVd2sN2lLIulv0RlKelAAl:ga2sE0uaW6dl
                                                                                                                                                                                                                                                                                                    MD5:E4FF82274A9EBE4E8B21D5AE46EED19B
                                                                                                                                                                                                                                                                                                    SHA1:CDE217C002F9BD798B658E134C9FD603151DB344
                                                                                                                                                                                                                                                                                                    SHA-256:C409F90FD4809843B4CDB76CA0A230FA3CC169A355DD165628EA2DFEB6249185
                                                                                                                                                                                                                                                                                                    SHA-512:EB898BA49223DCEE8BC182106D82468F2FF142B9F8D4F969F14E49F41130FCC7458BD0EE753FEC5BCC42CAD9B328989090B19913F5D242379D27776858D66E63
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.P.C.A.p.p.S.t.o.r.e.\.n.w.j.s.\.N.W._.s.t.o.r.e...e.x.e.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.8150724101159437
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:NhhtP:rhR
                                                                                                                                                                                                                                                                                                    MD5:1AD8F2164E99103DF87F85C54351811F
                                                                                                                                                                                                                                                                                                    SHA1:35399BED2BF1580834BF76F881F1B49ACBA38815
                                                                                                                                                                                                                                                                                                    SHA-256:869F069AA046562EC8E9A997689A1C3413CF3A9217A1A2BC2E175A9728C31839
                                                                                                                                                                                                                                                                                                    SHA-512:F9E4603BAD93D01C768F7DC580A33653A03250DB89B690529D7F10E557596A24E5627B5B77C6BB0953241AF0FD5BCAD754A6CBEFFFA12446BED2000386113BF6
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:110.0.5481.97
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):916
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.650967026431941
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:Y+akdrrt0qje5+EWhPyhCIwyikrBNf2SwXtJQTxam:Y+5fHM6hPFI2oBNuSwde8m
                                                                                                                                                                                                                                                                                                    MD5:8C8F47BF2CA90E24A5D10B1CE33C9C2F
                                                                                                                                                                                                                                                                                                    SHA1:E3AB8D0FE7A583008240FF87078F8FD11E609902
                                                                                                                                                                                                                                                                                                    SHA-256:DCAD64C22A8BA67DED0F5859352CE358C89A6CA9F12D9A1DCA63E60B424D0EB4
                                                                                                                                                                                                                                                                                                    SHA-512:73C9603309EA159539F9F56D4DA801523205C15C8FD83C92941D9F9E210BFB1F29C5EF3AAD8013985A2307BE97338F10D4BE922B0687CB6BE75E0F64D64AFE83
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABzpC0iCrWYRaxM8ibHmOzsAAAAAAIAAAAAABBmAAAAAQAAIAAAADrsB6tNK+PDq7SOSwC4tj/4ONDQZ8UZtTiQo1aZsXl6AAAAAA6AAAAAAgAAIAAAAABQ/XBEtvcMwPOu28WajMT1fOdWMGiq9jDR0uTm5h5sMAAAAN7J1Tu8xhJK3Sd2Myqj1eiSis95Hme4cyTJbo5KcnfaKH/qE9Zy48lD5Qnes6ohg0AAAACC/YigKqSDpClRl++aHFe5GzfqL8cU3bKpf1kH5DHaaHtCFWDu/8WsTYziMr7lxHRJd9K9h9DGpiIUV2gsdcG9"},"privacy_budget":{"block_offset":9,"generation":8},"profile":{"info_cache":{},"profile_counts_reported":"13349909807847708"},"uninstall_metrics":{"installation_date2":"1705436207"},"user_experience_metrics":{"low_entropy_source3":5141,"pseudo_low_entropy_source":3544,"stability":{"browser_last_live_timestamp":"13349909807728225","stats_buildtime":"1601787600","stats_version":"110.0.5481.97-64-devel","system_crash_count":0}}}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):93300
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.772103664086291
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:ranCo9ltjPtWNQyZQEKQDGhUUGZBcM6Cp8e81MIM5lw+FOruf1f1q02N1zpxXib6:Y43eJZ4SKOqzMwK5CHZQ
                                                                                                                                                                                                                                                                                                    MD5:704550EECB243DBE7E96B4BDB9CEA66F
                                                                                                                                                                                                                                                                                                    SHA1:4C29F66130AE74C3CE505B9E41849F0C0A574D0E
                                                                                                                                                                                                                                                                                                    SHA-256:EA2320D60A5EA2BB4416B5B506199D41DE91E411209EC935AA8DF14543856936
                                                                                                                                                                                                                                                                                                    SHA-512:555BCC050B719680E70D3AD664C444325551091473714EF1042B58D4C6EBD7F58E68855DE969A2F0225CA577BFB066455F93BDCF919883BB9880D78B0CA6BEFD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:pl..............m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.V.F.S.\.P.r.o.g.r.a.m.F.i.l.e.s.C.o.m.m.o.n.X.6.4.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.f.f.i.c.e.1.6.\.m.s.o.s.h.e.x.t...d.l.l.... ...#.ea...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.r.o.o.t.\.v.f.s.\.p.r.o.g.r.a.m.f.i.l.e.s.c.o.m.m.o.n.x.6.4.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...1.6.8.2.7...2.0.1.3.0.........C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.C.a.t.R.o.o.t.\.{.F.7.5.0.E.6.C.3.-.3.8.E.E.-.1.1.D.1.-.8.5.E.5.-.0.0.C.0.4.F.C.2.9.5.E.E.}.\.M.i.c.r.o.s.o.f.t.-.O.f.f.i.c.e.-.C.l.i.c.k.T.o.R.u.n.-.3.9.D.4.F.9.E.5.-.6.9.5.B.-.4.6.C.1.-.A.2.6.C.-.5.C.A.5.5.C.2.3.3.7.6.D.-.s.t.r.e.a.m...x.8.6...x.-.n.o.n.e...d.a.t...c.a.t.......M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):93300
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.772103664086291
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:ranCo9ltjPtWNQyZQEKQDGhUUGZBcM6Cp8e81MIM5lw+FOruf1f1q02N1zpxXib6:Y43eJZ4SKOqzMwK5CHZQ
                                                                                                                                                                                                                                                                                                    MD5:704550EECB243DBE7E96B4BDB9CEA66F
                                                                                                                                                                                                                                                                                                    SHA1:4C29F66130AE74C3CE505B9E41849F0C0A574D0E
                                                                                                                                                                                                                                                                                                    SHA-256:EA2320D60A5EA2BB4416B5B506199D41DE91E411209EC935AA8DF14543856936
                                                                                                                                                                                                                                                                                                    SHA-512:555BCC050B719680E70D3AD664C444325551091473714EF1042B58D4C6EBD7F58E68855DE969A2F0225CA577BFB066455F93BDCF919883BB9880D78B0CA6BEFD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:pl..............m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.V.F.S.\.P.r.o.g.r.a.m.F.i.l.e.s.C.o.m.m.o.n.X.6.4.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.f.f.i.c.e.1.6.\.m.s.o.s.h.e.x.t...d.l.l.... ...#.ea...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.r.o.o.t.\.v.f.s.\.p.r.o.g.r.a.m.f.i.l.e.s.c.o.m.m.o.n.x.6.4.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...1.6.8.2.7...2.0.1.3.0.........C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.C.a.t.R.o.o.t.\.{.F.7.5.0.E.6.C.3.-.3.8.E.E.-.1.1.D.1.-.8.5.E.5.-.0.0.C.0.4.F.C.2.9.5.E.E.}.\.M.i.c.r.o.s.o.f.t.-.O.f.f.i.c.e.-.C.l.i.c.k.T.o.R.u.n.-.3.9.D.4.F.9.E.5.-.6.9.5.B.-.4.6.C.1.-.A.2.6.C.-.5.C.A.5.5.C.2.3.3.7.6.D.-.s.t.r.e.a.m...x.8.6...x.-.n.o.n.e...d.a.t...c.a.t.......M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):93300
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.772103664086291
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:ranCo9ltjPtWNQyZQEKQDGhUUGZBcM6Cp8e81MIM5lw+FOruf1f1q02N1zpxXib6:Y43eJZ4SKOqzMwK5CHZQ
                                                                                                                                                                                                                                                                                                    MD5:704550EECB243DBE7E96B4BDB9CEA66F
                                                                                                                                                                                                                                                                                                    SHA1:4C29F66130AE74C3CE505B9E41849F0C0A574D0E
                                                                                                                                                                                                                                                                                                    SHA-256:EA2320D60A5EA2BB4416B5B506199D41DE91E411209EC935AA8DF14543856936
                                                                                                                                                                                                                                                                                                    SHA-512:555BCC050B719680E70D3AD664C444325551091473714EF1042B58D4C6EBD7F58E68855DE969A2F0225CA577BFB066455F93BDCF919883BB9880D78B0CA6BEFD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:pl..............m...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.V.F.S.\.P.r.o.g.r.a.m.F.i.l.e.s.C.o.m.m.o.n.X.6.4.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.f.f.i.c.e.1.6.\.m.s.o.s.h.e.x.t...d.l.l.... ...#.ea...c.:.\.p.r.o.g.r.a.m. .f.i.l.e.s. .(.x.8.6.).\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.r.o.o.t.\.v.f.s.\.p.r.o.g.r.a.m.f.i.l.e.s.c.o.m.m.o.n.x.6.4.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...1.6.8.2.7...2.0.1.3.0.........C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.C.a.t.R.o.o.t.\.{.F.7.5.0.E.6.C.3.-.3.8.E.E.-.1.1.D.1.-.8.5.E.5.-.0.0.C.0.4.F.C.2.9.5.E.E.}.\.M.i.c.r.o.s.o.f.t.-.O.f.f.i.c.e.-.C.l.i.c.k.T.o.R.u.n.-.3.9.D.4.F.9.E.5.-.6.9.5.B.-.4.6.C.1.-.A.2.6.C.-.5.C.A.5.5.C.2.3.3.7.6.D.-.s.t.r.e.a.m...x.8.6...x.-.n.o.n.e...d.a.t...c.a.t.......M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:LsNliJIu/:Ls3iJIu/
                                                                                                                                                                                                                                                                                                    MD5:53AB419A613BFDF962DE91872265FBB0
                                                                                                                                                                                                                                                                                                    SHA1:3CC007060584B32822125079D4ACB42BD3A98E28
                                                                                                                                                                                                                                                                                                    SHA-256:4CC389B2A3D702609E6980995253F1526CD30D97415652E635262D01EFAF30DB
                                                                                                                                                                                                                                                                                                    SHA-512:EBF753191925229F859D2636086D84C3301A4CCA9D35B9DC73E1425C7764DE259D9BD2165F56CE886521232893E014AAA368746FC91ACFC199F7F3B7FB541563
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):86
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                                                                                                                                                                                    MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                                                                                                                    SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                                                                                                                    SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                                                                                                                    SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3132
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.71771172838133
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:En6Bf1r5+DotoeKkBlkffD6rjYrQuD8la:EnBDUvlY6rjYrnQ8
                                                                                                                                                                                                                                                                                                    MD5:54F090E866C6CE46FF764339EE8C0583
                                                                                                                                                                                                                                                                                                    SHA1:CA3FF630F487C4A4B9BE811B1BEA43F8D79B12E6
                                                                                                                                                                                                                                                                                                    SHA-256:402E8740F75289B0C621A8EF293CB6C34C105EACF7A4C6D275BD35E774D2D830
                                                                                                                                                                                                                                                                                                    SHA-512:524B41BDC7FF1447F6070EA5E06C389913976B5003E0E1493ABD1F0573BE20F5D4B772A6B34250595268AE4026C94159E3D129364B9C533912F05B707889A4A1
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"hardware_acceleration_mode_previous":true,"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.705436216154455e+12,"network":1.705436212694e+12,"ticks":5732951512.0,"uncertainty":10224145.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABzpC0iCrWYRaxM8ibHmOzsAAAAAAIAAAAAABBmAAAAAQAAIAAAADrsB6tNK+PDq7SOSwC4tj/4ONDQZ8UZtTiQo1aZsXl6AAAAAA6AAAAAAgAAIAAAAABQ/XBEtvcMwPOu28WajMT1fOdWMGiq9jDR0uTm5h5sMAAAAN7J1Tu8xhJK3Sd2Myqj1eiSis95Hme4cyTJbo5KcnfaKH/qE9Zy48lD5Qnes6ohg0AAAACC/YigKqSDpClRl++aHFe5GzfqL8cU3bKpf1kH5DHaaHtCFWDu/8WsTYziMr7lxHRJd9K9h9DGpiIUV2gsdcG9"},"policy":{"last_statistics_update":"13349909807992971"},"privacy_budget":{"block_offset":9,"generation":8},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_lo
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):916
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.650967026431941
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:Y+akdrrt0qje5+EWhPyhCIwyikrBNf2SwXtJQTxam:Y+5fHM6hPFI2oBNuSwde8m
                                                                                                                                                                                                                                                                                                    MD5:8C8F47BF2CA90E24A5D10B1CE33C9C2F
                                                                                                                                                                                                                                                                                                    SHA1:E3AB8D0FE7A583008240FF87078F8FD11E609902
                                                                                                                                                                                                                                                                                                    SHA-256:DCAD64C22A8BA67DED0F5859352CE358C89A6CA9F12D9A1DCA63E60B424D0EB4
                                                                                                                                                                                                                                                                                                    SHA-512:73C9603309EA159539F9F56D4DA801523205C15C8FD83C92941D9F9E210BFB1F29C5EF3AAD8013985A2307BE97338F10D4BE922B0687CB6BE75E0F64D64AFE83
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABzpC0iCrWYRaxM8ibHmOzsAAAAAAIAAAAAABBmAAAAAQAAIAAAADrsB6tNK+PDq7SOSwC4tj/4ONDQZ8UZtTiQo1aZsXl6AAAAAA6AAAAAAgAAIAAAAABQ/XBEtvcMwPOu28WajMT1fOdWMGiq9jDR0uTm5h5sMAAAAN7J1Tu8xhJK3Sd2Myqj1eiSis95Hme4cyTJbo5KcnfaKH/qE9Zy48lD5Qnes6ohg0AAAACC/YigKqSDpClRl++aHFe5GzfqL8cU3bKpf1kH5DHaaHtCFWDu/8WsTYziMr7lxHRJd9K9h9DGpiIUV2gsdcG9"},"privacy_budget":{"block_offset":9,"generation":8},"profile":{"info_cache":{},"profile_counts_reported":"13349909807847708"},"uninstall_metrics":{"installation_date2":"1705436207"},"user_experience_metrics":{"low_entropy_source3":5141,"pseudo_low_entropy_source":3544,"stability":{"browser_last_live_timestamp":"13349909807728225","stats_buildtime":"1601787600","stats_version":"110.0.5481.97-64-devel","system_crash_count":0}}}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3210
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.712324717779985
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:96:An6Tf1r5+DotoeKuBlGffM6rjYrQuD8la:AnjDUJlb6rjYrnQ8
                                                                                                                                                                                                                                                                                                    MD5:9A5DF5DAF84F446F4CB4B46FD197A5B4
                                                                                                                                                                                                                                                                                                    SHA1:89F17B8475DDF58605312636AD4D912A08505A7E
                                                                                                                                                                                                                                                                                                    SHA-256:B5ED4EF01E8BA2CEA5FF2BE2E5FF208DF06290D82C94F544728E3A5B42B0DA73
                                                                                                                                                                                                                                                                                                    SHA-512:63EC273324133F4893DD584F8E6AC8AA08C03F20D446F353E9942C708E1544B97D0107FB33832C6539A680EEA10BB23C56BF94E33CF533E44E1B77409BEF9E55
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"browser":{"shortcut_migration_version":"110.0.5481.97"},"hardware_acceleration_mode_previous":true,"invalidation":{"per_sender_topics_to_handler":{}},"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"network_time":{"network_time_mapping":{"local":1.705436220398581e+12,"network":1.705436221095e+12,"ticks":5737195638.0,"uncertainty":10226064.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABzpC0iCrWYRaxM8ibHmOzsAAAAAAIAAAAAABBmAAAAAQAAIAAAADrsB6tNK+PDq7SOSwC4tj/4ONDQZ8UZtTiQo1aZsXl6AAAAAA6AAAAAAgAAIAAAAABQ/XBEtvcMwPOu28WajMT1fOdWMGiq9jDR0uTm5h5sMAAAAN7J1Tu8xhJK3Sd2Myqj1eiSis95Hme4cyTJbo5KcnfaKH/qE9Zy48lD5Qnes6ohg0AAAACC/YigKqSDpClRl++aHFe5GzfqL8cU3bKpf1kH5DHaaHtCFWDu/8WsTYziMr7lxHRJd9K9h9DGpiIUV2gsdcG9"},"policy":{"last_statistics_update":"13349909807992971"},"privacy_budget":{"block_offset":9,"generation":8},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AV
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Fri Jun 2 12:40:50 2023, mtime=Tue Jan 16 19:16:43 2024, atime=Fri Jun 2 12:40:50 2023, length=1859928, window=hide
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1872
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.495541793518961
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24:8yNwBkDuPwY0TA/XVRU5qwtkkO6iO/7Pqy3qygm:86wBkSPH00riqOO6idyg
                                                                                                                                                                                                                                                                                                    MD5:C5F2CA16E777D4C23F930D7953204B2B
                                                                                                                                                                                                                                                                                                    SHA1:971DB7F668C3DF822E1648BCC489977A7AF5D6DD
                                                                                                                                                                                                                                                                                                    SHA-256:41D0EB40AB9B9AA4021140AD8A427D02055017A71CB3E340D993D0613652F3F3
                                                                                                                                                                                                                                                                                                    SHA-512:BEA63FD9F87FCD6C2A2A3CC55644DC1D9A196DFFE7E9017DEF0313431A55237143F49D8D5117C7B94E157F2C773AF5EF0591BB0088E7A3A50704045BD62B61E6
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:L..................F.@.. .......W.......H......W...Xa......................0.:..DG..Yr?.D..U..k0.&...&.......$..S.....n.H......H......t...CFSF..1.....0X....PCAPPS~1....t.Y^...H.g.3..(.....gVA.G..k...F......0X..0X............................e%P.P.C.A.p.p.S.t.o.r.e...D.j.2.Xa...V.m .PCAPPS~1.EXE..N.......V.m0X......r"........................P.c.A.p.p.S.t.o.r.e...e.x.e.......Z...............-.......Y...........FP.......C:\Users\user\PCAppStore\PcAppStore.exe..+.....\.....\.....\.....\.....\.....\.P.C.A.p.p.S.t.o.r.e.\.P.c.A.p.p.S.t.o.r.e...e.x.e...C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.P.C.A.p.p.S.t.o.r.e.../.i.n.i.t. .d.e.f.a.u.l.t. .s.h.o.w.M.+.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.P.C.A.p.p.S.t.o.r.e.\.p.c.a.p.p.s.t.o.r.e...i.c.o.........%USERPROFILE%\PCAppStore\pcappstore.ico...............................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):17034
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.368221753342849
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:192:rvQ7OqZNftCYg73GGVLO+F0jw+9V1AiU64F7IOKmOYwsYNi7c:7Q7OgfgYUVnnnTI
                                                                                                                                                                                                                                                                                                    MD5:266B44612AD4B03AB085C6158519D53A
                                                                                                                                                                                                                                                                                                    SHA1:F2C271A81D26661FF9F71708B99D35A1ECB1BB96
                                                                                                                                                                                                                                                                                                    SHA-256:5D32ED23103A6E88FC67DDB708F5C1CC6E43172DF97D817CE99C004E5AE8F8F8
                                                                                                                                                                                                                                                                                                    SHA-512:ACBBD2A743C912AFCAA43597E50C2BF6856F7C95906036F33E7F1AC9E24092149DAB4E2232A708C22667927A7FE2CC1ED7F091321E91A7B0D8DA989F64184382
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"html":"<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\"/>\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"/>\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"/>\n <title>PCAppStore</title>\n <style>\n /* If the user has Windows 11 for the body and html tags added the classes\n start-menu-html--windows-11\n start-menu-body--windows-11 */\n\n /* The classes light-theme or dark-theme are added to the HTML tag depending on the selected Windows theme */\n * {\n margin: 0;\n padding: 0;\n box-sizing: border-box;\n }\n\n html {\n overflow: hidden;\n --sm-primary-text-color: #000;\n --sm-secondary-text-color: #fff;\n --sm-product-hover-border: rgb(255 255 255 / 70%);\n --sm-product-bg: #efefef;\n }\n\n body {\n font-family: \"Roboto\", sans
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):60805
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.702385990570248
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:384:JPzZJfVtWd22GJgFjmzIe36dHzyjRa281APBPIOZeT9yHbRK0VYjo+ZWAReBYJf:RPLWd2gqsbtGjc28MeTsHbRKBoO
                                                                                                                                                                                                                                                                                                    MD5:36E9AFBA8DF08216CE2A83F4C6E72EB0
                                                                                                                                                                                                                                                                                                    SHA1:E8EB95B1B0621299D953E0BE334AC994C3450285
                                                                                                                                                                                                                                                                                                    SHA-256:3F8F2F48E03CCD9A932A4CDCB803501FA4C357ED91DD37C52DFDB3952D87F874
                                                                                                                                                                                                                                                                                                    SHA-512:4022CAC4BB08CF4709C4E6C2E8CB2A79F2E3F7850D21CB563CEB3348FEFD1F9F814B6128D093BC1CCC0DE034D5323A02522D4D0C76FBD11F01D6C1A879F5FD29
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:4:4
                                                                                                                                                                                                                                                                                                    MD5:552DACB15F2019C8F3F74C55BEFA242C
                                                                                                                                                                                                                                                                                                    SHA1:9762053D4DEFB8BE822CB0957983A6B8796976D6
                                                                                                                                                                                                                                                                                                    SHA-256:32C4858E22CC2C967B42150FA550562A2C839C2CEBCAAB91CABDF6F4DA020022
                                                                                                                                                                                                                                                                                                    SHA-512:A80F7CC2606EF6E5474E96B1E520C17ECF432F0DA9A566BD157044130CFB548F10D929FFB5783008DF78B6D07D07D109BFFBAD1998CB8309ECCEC7E4D3FC813A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:#.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):195
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.202517854483715
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:1mEY/UjQ14JeHA0Y/UjfmE9J4HXA0Y/UIHyMxqwg63x/Hmx0Y/UIHyM1OzBYHkY8:15QKJYAc+E6AvypwrRHmxvyB6HkYABv
                                                                                                                                                                                                                                                                                                    MD5:E6F00FA0E3EEA9B0ED4EEC3673C5B525
                                                                                                                                                                                                                                                                                                    SHA1:B33D22B1B2B53003756240C97C8AAF020E6D439B
                                                                                                                                                                                                                                                                                                    SHA-256:00BBEEEEE577373436714F46C6078874DB0FA511E0A850E5730226C5CFB9473A
                                                                                                                                                                                                                                                                                                    SHA-512:F3CFF4AF75E04AEAF9586BB2340F3BDCCA2D6AA40206F199AD71EF3DBFD0EB826E284E0DFA5128F9469F3A13E4E0F8DC16C7F70B990D69DD4217FF359260E8CD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:[{"bF9rYw==":"TWxjTG1yYw=="},{"bF9rYw==":"TWxjTG1yYx4mQmNxaXJtbic="},{"bF9rYw==":"S2dhcG1xbWRyHlZOUR5CbWFza2Nsch5VcGdyY3A="},{"bF9rYw==":"S2dhcG1xbWRyHk5wZ2xyHnJtHk5CRA=="},{"bF9rYw==":"RF92"}]..
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):7477
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.784326451068026
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:192:Eef3Gpre9gherZR4VPx8wwbsN6FgYLO8VPERfsy:EgWFOR4ZqwH6nO8ZERT
                                                                                                                                                                                                                                                                                                    MD5:69346E728CFC4A45C9008DDF652B1153
                                                                                                                                                                                                                                                                                                    SHA1:71E13F3F802A4C5E0D62C6B8DB929C02E626CA97
                                                                                                                                                                                                                                                                                                    SHA-256:AEC021636CCBC0C2084CC76EE8960B731731E80709413DF69029B59913367D21
                                                                                                                                                                                                                                                                                                    SHA-512:0FF089A49EF9F39C7C754E41D7829019C845EB1D119617DEEB11A0F692DB9F49369F3620F1ECF2A0B4F1312843F0E5BA8F58CFBDC0523BE0FAFC6403FBB39578
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\AutoUpdater.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):8
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.0
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:pEn:2
                                                                                                                                                                                                                                                                                                    MD5:34263D558D9E5A7EDC04F8D80C76649D
                                                                                                                                                                                                                                                                                                    SHA1:9CF0B311765445B7BB1C9B25767E615019305BFA
                                                                                                                                                                                                                                                                                                    SHA-256:DDA3B20D07CF936A8EBF80B771BF76A130AEDE7ABE77261D1FD254D4A3AE3450
                                                                                                                                                                                                                                                                                                    SHA-512:BD8A989E06F7A23105419AA7785A465484657E1C2BB6403CA0402B5A5251172F7074A86AE57CB4800A90FBC1EC69E31D1DBCE9103535CDFC3A61EB2AC2103F78
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:fa.1059o
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\PCAppStore\AutoUpdater.exe
                                                                                                                                                                                                                                                                                                    File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):42
                                                                                                                                                                                                                                                                                                    Entropy (8bit):2.9881439641616536
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3:CUXPQE/xlEy:1QEoy
                                                                                                                                                                                                                                                                                                    MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                                                                                                                                    SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                                                                                                                                    SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                                                                                                                                    SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious:false
Preview:GIF89a.............!.......,...........D.;
Process:C:\Users\user\Desktop\nso7806.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):426840
Entropy (8bit):6.599118846546311
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 50%
Process:C:\Users\user\Desktop\nso7806.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1859928
Entropy (8bit):6.678991443940213
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 42%
Process:C:\Users\user\Desktop\nso7806.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):146
Entropy (8bit):4.577360416859904
Encrypted:false
Malicious:false
Preview:Fhis folder contains the PC App Store for Microsoft Windows.....For additional information, please visit https://pcapp.store/?p=lpd_appstore-faq..
Process:C:\Users\user\Desktop\nso7806.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:dropped
Size (bytes):172152
Entropy (8bit):7.281889659239827
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 26%
Process:C:\Users\user\Desktop\nso7806.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2491224
Entropy (8bit):6.482940742516379
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 4%
Process:C:\Users\user\Desktop\nso7806.exe
File Type:HTML document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):7155718
Entropy (8bit):4.819700399824688
Encrypted:false
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<meta name="color-scheme" content="light dark">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<link rel="stylesheet" href="chrome://credits/credits.css">..</head>..<body>..<span class="page-title" style="float:left;">Credits</span>..<a id="print-link" href="#" style="float:right;" hidden>Print</a>..<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->..<div class="product">..<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>..<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>..<input type="checkbox" hidden id="0">..<label class="show" for="0" tabindex="0"></label>..<div class="licence">..<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4891080
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.392150637672776
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccA:oy904wYbZCoOI85oyI
                                                                                                                                                                                                                                                                                                    MD5:CB9807F6CF55AD799E920B7E0F97DF99
                                                                                                                                                                                                                                                                                                    SHA1:BB76012DED5ACD103ADAD49436612D073D159B29
                                                                                                                                                                                                                                                                                                    SHA-256:5653BC7B0E2701561464EF36602FF6171C96BFFE96E4C3597359CD7ADDCBA88A
                                                                                                                                                                                                                                                                                                    SHA-512:F7C65BAE4EDE13616330AE46A197EBAD106920DCE6A31FD5A658DA29ED1473234CA9E2B39CC9833FF903FB6B52FF19E39E6397FAC02F005823ED366CA7A34F62
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2013184
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.65649830414505
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:49152:oAsAmRJIp7SkiSZjf8W/I5vaN5rikt/9M:owmRUSki+RqaHvZ
                                                                                                                                                                                                                                                                                                    MD5:9518FCF62A52CF17F987B6BEB1935A0D
                                                                                                                                                                                                                                                                                                    SHA1:E4C55A1083B8FCBC2E1812B7A7A62CA75B1C66B6
                                                                                                                                                                                                                                                                                                    SHA-256:31132704944D3AE5101093F27CB523119EA3ACFBBA6E3C87216BF95EA2A0F40B
                                                                                                                                                                                                                                                                                                    SHA-512:418B169934A9E1D80743B8A7268EBB514055811C13B71D05AEB2F1B64F97E3156256B882A95677F693ACF139B52373C512AD559FE17E79836D5FE796273E8FBC
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):10541264
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.277181423153392
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:98304:TfPBQYOo+ddlymYf2LfPQCvliXUxiG9Ha93Whla6ZENSs285:TfPBhORjYAHliXUxiG9Ha93Whla6ZEV7
                                                                                                                                                                                                                                                                                                    MD5:2C367970AC87A9275EEEC5629BB6FC3D
                                                                                                                                                                                                                                                                                                    SHA1:399324D1AEEE5E74747A6873501A1EE5AAC005EE
                                                                                                                                                                                                                                                                                                    SHA-256:17D57B17D12DC5CFBF06413D68A06F45CCF245F4ABDF5429F30256977C4ED6DE
                                                                                                                                                                                                                                                                                                    SHA-512:F788A0D35F9E4BEBE641EE67FFF14968B62891F52D05BF638CD2C845DF87F2E107C42A32BBE62F389F05E5673FE55CBDB85258571E698325400705CD7B16DB01
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):456704
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.312360034235447
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:/ADBnxR7oTX/k4bOBOiygXZJfR39DH0y4UVWkPp0yX4k/1n:4nxRQM4bOBOiygXZJ539DHPWdyX4S
                                                                                                                                                                                                                                                                                                    MD5:778527981EF1C1AC7A65D8B1DD3D0A1A
                                                                                                                                                                                                                                                                                                    SHA1:23B44770CA37765E368B618B999B7D119C20FF4D
                                                                                                                                                                                                                                                                                                    SHA-256:663EB32D7815EFA625EB339F5E1C5856AE8BEED65F501F32416D8E7744B533B1
                                                                                                                                                                                                                                                                                                    SHA-512:6E00B406D0CCC3316D98AED58D83ABE6B7AE69C251BE06915578945EB900276945A6F57BA0075D5BBBEBF01C156605C08323166F80D0A41253A6431F4494C1E8
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):6592000
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.449383520916799
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:49152:kdw61/AKkdR4M2oy4YrhtATcKGPz2b98moBBYAEsqMziN9pJM32pW4QaJADLZRiZ:8OPKtucNYpWFazUMv6gsOMd/H
                                                                                                                                                                                                                                                                                                    MD5:11FE117CF4FED191E380911D4DF45565
                                                                                                                                                                                                                                                                                                    SHA1:C881FEE1C8F78C5AB09C36135DA1403A0F274A81
                                                                                                                                                                                                                                                                                                    SHA-256:2A2511C2D292067EDFDDDC28406F08B3BECF455E3DF13954EECD6BFA320F7C8A
                                                                                                                                                                                                                                                                                                    SHA-512:2F6C5A2E666AB542785024D9C3EB22CC6A153D361F65AC20F0CF54FE5CD315E725DAB1BDB7E4EE424A7708ED46D23D51B84B8EC826AA99FAA30F7D3DE2ED4546
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):402853
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.391882502795637
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:WwqQdEVuSlQiuxRX+HMT+jC6kAw1i6pgMb96SSt2y5vuw5CP6yfiNEYHl:xqQFSibxRX+HMCjC6kAw1i6pgMb96h2A
                                                                                                                                                                                                                                                                                                    MD5:54A1D9CF4CAD097ACA10A98B57AF5EB6
                                                                                                                                                                                                                                                                                                    SHA1:02DEF34DF12BD1001714A4B33422464880277678
                                                                                                                                                                                                                                                                                                    SHA-256:7E74B8EA2092BB5E2210F12E22B680EF438CDF4600EDC68A4FEF85F02C04E569
                                                                                                                                                                                                                                                                                                    SHA-512:6F5B0B6C7516E3D1033EAF83F967E82BABAE94565AE3F65100F151379353BE57AC35ADFA32C8B4B5CFC6B46FAF8CFC5C03B8B81A11DFE254A140CA6F5A07EBBA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):646484
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.969474362314929
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:jVfKVuTU58xZTtsosVgtz5j9ToAVzfukCQzx30jH8+I:jdKt58xTsougtz5j9ToAVzXCQ/
                                                                                                                                                                                                                                                                                                    MD5:FF96E5B461481F5F6FC51F97B16AED51
                                                                                                                                                                                                                                                                                                    SHA1:BFB22316E9D0056423210F008053E7DFF0B27851
                                                                                                                                                                                                                                                                                                    SHA-256:701179133634ACE55009F4D267E7FF4E378E2B83E60FBF890ADE87AF2C7732CC
                                                                                                                                                                                                                                                                                                    SHA-512:336579A59E82F269A3450A72724C8F51554ADA5250756EDBFF21285BBFB3EF6E5724DA5B00B249E95F964877943BDB7385E238708711B612017472C1F9B72981
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):654440
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.935412857995871
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:OhsUCQWgUF2Nn917A0BNPcg1CyqDPH5HumzbmS:RRQLsD5Hu6
                                                                                                                                                                                                                                                                                                    MD5:8EEDE205D84FB9D0616299087709C8CA
                                                                                                                                                                                                                                                                                                    SHA1:7C11C93337DEE5512B00461AA05C89370C359517
                                                                                                                                                                                                                                                                                                    SHA-256:A255106084E71E18D36ECAD87D75A99B8C90396B6E442FF14BAA6D97835A16CA
                                                                                                                                                                                                                                                                                                    SHA-512:E8CE573564FE1BDF3E87591D28D6C6ED29BC5350939CAD920E18A2BA7A6E6A529D275AE7BB02BFA1CA26599E02805FAB79A9A1E0D3AD6A19F7A87C0B716BDECB
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):712330
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.97624122183868
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:+Kqx4+Cctq285/XvYUtwEU2kqBr5CNbW+eTTvZEMgSENOu:Lqx4AMUO55j+V
                                                                                                                                                                                                                                                                                                    MD5:A7B5B684DF199EA522C8EECEF0F506B2
                                                                                                                                                                                                                                                                                                    SHA1:C8C7E74F2D3DBFB9355D95CC219CB5A2A570739D
                                                                                                                                                                                                                                                                                                    SHA-256:495FD1D06C4E8FD753157881957C09D2601A4F1C73ABB35F12AC6D56335C80C9
                                                                                                                                                                                                                                                                                                    SHA-512:B56BAC232E42C1C413BD462842BDA191892440CB46E4C3FEBD4774A3EB7BEC7F5BB5CA15FC13D29160BDFDF548F68BA63868252F5511FAD48C220F7B01E3531B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):738261
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.738498127158114
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:V5dIE0qVw2kMLlYrdAs1aQUx41aVVwslMLOmFOFv35uKN31tqbDM4bV2JfuD4Kjf:V510qJkulYrdAs1aQUmBsmGv35uK7mgc
                                                                                                                                                                                                                                                                                                    MD5:F7847CAB878E8B58E0F47B93B8262349
                                                                                                                                                                                                                                                                                                    SHA1:3815FAA394A66F1B3CB02828960F84A8D0BB39B1
                                                                                                                                                                                                                                                                                                    SHA-256:B3FC3DCBCB5C0CCF912E3A33875E9E1AFCB922F26686F35C63C52F39F5E5818B
                                                                                                                                                                                                                                                                                                    SHA-512:75001A5A2B76BDA8598B6EFB54DD48B579B7CB46FE4D5EFD91F160368283F2CB0CD6905392C353814340B1BE8496E950F989DF22CA5706C5977E00C80B0DCECC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):949300
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.345070145183075
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:M7nMTtKiOJMOaieXQcYBhmk/yC8Hf4J7gPdWhkkBbd8IDl5120XlG0+O:M4VOmOzgQc+pOdWvBbdJ5blj+O
                                                                                                                                                                                                                                                                                                    MD5:9DBA99A7A508F9B0E1A0BEC36B767707
                                                                                                                                                                                                                                                                                                    SHA1:954FCB9B612AD428B23F2D3C11A102B75E69EF5A
                                                                                                                                                                                                                                                                                                    SHA-256:35C4F02875D37AF6BEAF584D2E9DEF0216B1B6F84B2418FFC17AB7C71108D4AA
                                                                                                                                                                                                                                                                                                    SHA-512:82EEC73093FA177B583B68225E7776D73A066067C6DD86CE3A02705FEF3DF1521B2786870A2A6C4C950B44D203242FA1A20A2C7866D3E84D5532829EC6DEC173
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):461854
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3817847308967615
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:+c5k0UFA8gG5PAk4N3Mw2juw788orHjIs3cejEYBCq94d3nbhjJSwHQliEwfwVKo:XBx7gUg/AMNFC6pup5BIkV
                                                                                                                                                                                                                                                                                                    MD5:3C0AE49A6994B108AEC886BEDAC1EC3E
                                                                                                                                                                                                                                                                                                    SHA1:30325EFA9988049B180EC0B23A23EED48588CB62
                                                                                                                                                                                                                                                                                                    SHA-256:7AFA1066F2375D0729A669DD9A52F4EDA68D52B55E6EF8B15B4B941C643C7AE5
                                                                                                                                                                                                                                                                                                    SHA-512:866C83CC660EC5077DD4FCA6D32B29F11C96B5001439905B2651BBA5D902837B025161BB39F4F2AF3EFE6E501DB90A44ECE28395A2D10168FE521FAD9E74D76D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):467265
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.824404053822733
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:McR1TcLaecQ9MYOx4onAIw4X568YCGKNDskc+8Qwsy:M41TcueV95OxtI4X568YCbNDsv
                                                                                                                                                                                                                                                                                                    MD5:454151CCD59409B9B0735C44D97C1E67
                                                                                                                                                                                                                                                                                                    SHA1:25E93F0E966CDA17DA512DD509949A70D209ECF3
                                                                                                                                                                                                                                                                                                    SHA-256:502393F16F4AC8EF7C93A7F78C6802A4AC0D7576958F7815B2337946874F3CCB
                                                                                                                                                                                                                                                                                                    SHA-512:537FB2C06E188D9111B9967908CAEF571A9EC9EE094B24BE92C5BD8F715D9DC7A09270073C0616F86D44798C98CC33A37E368CC6DCC06035325C131244FD75CD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):425118
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.432607242805654
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:mosWhu/faAJFrQ5cy9Sua0FwlGVJJwFXlwp3vwN59TrBGzO7i1yd4tTWwHzzZhSE:WqAjqdJKlwy5BrmTj
                                                                                                                                                                                                                                                                                                    MD5:807FA4FF2606D4CDD0F175F741519FD7
                                                                                                                                                                                                                                                                                                    SHA1:1F61502C8A387FE44E49518C6C449402D4FEFE5F
                                                                                                                                                                                                                                                                                                    SHA-256:9F78F287BB6DE3B4CBB8B5133AE9663225BA34E23826F403DBC61618FFFE389C
                                                                                                                                                                                                                                                                                                    SHA-512:BE6624E27B8422BD7A89B5869B52945DB93FBCD7FA6E08BAB25FA9F026B45E317174243AF6B6BB5C0E69C982AE6179E702330CD94A5DE16D953A94C18FFC9936
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):459687
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.477949434102681
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:bsqroOkVzfaAWlhB3K7UpzZhMhGaaU8WUmhY63+yWzhqf3w5RgTGlIvaCB+:bNriVVQB3K7UpchbaKKyWj5fOSCB+
                                                                                                                                                                                                                                                                                                    MD5:BBA45DC5749DFB460614556E0A49A9B7
                                                                                                                                                                                                                                                                                                    SHA1:5D565D690AC74A32B82C0C6855F38081CDB8B63C
                                                                                                                                                                                                                                                                                                    SHA-256:10DF0B376A3D09C3B12D9E6804BDE6A519D4593FC3A6F22967108507B355DBB5
                                                                                                                                                                                                                                                                                                    SHA-512:F843EE3A36012ABD7A416FDE71F61911B41BF4B3195A1392ACE656D4AF9CFC4E7229B38419E4BC83DAD93E6B94A18C88AAF8AAA277456C2AC053FD9DE8EA0C60
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):806678
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.819439037786533
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24576:+rjaquXiSGiBlEaH52202pptHA5jmorJvaRA3HRsDiEYQ3C1gf2ns4ix13W1rk2I:BquXiSGiBlEaHA202pptHA5jmorJvaRt
                                                                                                                                                                                                                                                                                                    MD5:A0293FEA161CF75808BDA97313DC61B4
                                                                                                                                                                                                                                                                                                    SHA1:EBBD349D619A5C2778BF397B42032899540471B0
                                                                                                                                                                                                                                                                                                    SHA-256:F521E4DBC24D2BBDE59BED08A0E43E99A3EFC61751EBA928A6217555596AA501
                                                                                                                                                                                                                                                                                                    SHA-512:8F798DD73982F9C850F57B854FDA3CE7BFA50AE92ABF7100F1A1B2F36F7FD90338A6274365EB431FC37D3145B4DF5A85299137D0898A7B2F46BAA9F2A23700C6
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):369964
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.49231945985521
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:mfhZJf2iNPhl57JicaMP9egutWbfaYw2SBr5ZXSdBrFtY:2hreiH0jMetWG2O5JS7Y
                                                                                                                                                                                                                                                                                                    MD5:E6D0CEF4B51EA55F3A277EEDA5C0FDED
                                                                                                                                                                                                                                                                                                    SHA1:914010CE9C2141662BD21E74494EFE190CBEADDF
                                                                                                                                                                                                                                                                                                    SHA-256:98E53C8FD5E8671728264978FEB77CB616A058D626393568BD2E56D0183448B5
                                                                                                                                                                                                                                                                                                    SHA-512:799A4AE17C07E4FF8D29CAB0F44DBFA78514ADF96A2A43100E33AF2BAD849F1F964179A7AF89564279B150DDFCE8E27E0338638C2102C3A53B443B1290BE82CC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):373504
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.483135629021323
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:RfgIM1WbkiiuEkeFwMP9ecTCPMfaYUgpIn5X+S6n8P56wS:6Jgki4/aMbCPxgY5uSd6wS
                                                                                                                                                                                                                                                                                                    MD5:A93A5C83E482A4BC56736BB1451A88DA
                                                                                                                                                                                                                                                                                                    SHA1:AFA0C1F46B6245ED9301BC9C2AA46402B6D10C37
                                                                                                                                                                                                                                                                                                    SHA-256:446764ECF3939C35E90F61C928EC55D445D83A483A19FAFD38AF378A70FD06C7
                                                                                                                                                                                                                                                                                                    SHA-512:550278670B857B15A8AF557BC7D127695155AC16A0B61947F891040421C08BFED0AEA26ECCF0C45303B82B801801F6C2CAF7FD0561DAE97632B0EC2EB1BB2212
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):818920
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.225604589646124
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:24576:gElt13N3VWICwHEhssGbeoPXeQYZix6GvGxEi+dtymy1ptuYtP0DYV5z9SjzMHhL:70x5z9f
                                                                                                                                                                                                                                                                                                    MD5:F0F119776F8902ECE0D424BEC7DC1B44
                                                                                                                                                                                                                                                                                                    SHA1:9756ACA390B2409D70A0662097C19CF0DA8F53FE
                                                                                                                                                                                                                                                                                                    SHA-256:BB4B6EAF901AD35D7AF91B9C9AA6C069BB9FEFDF96F39D8B964ECA970D2E3624
                                                                                                                                                                                                                                                                                                    SHA-512:3C78F52F3ED6DDD319B1E93F11B0A771DB52C91194E511891A95C3C8BD90C3FA484CF216B5FD38FB02C129ACE38B7930205432EB473347644DF22DF06837D74A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):451082
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.365359947832186
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:GcvO0pepqlODnYgapWM55tLF2NA7RJjmvc:9v4pql9pv55hFr7+c
                                                                                                                                                                                                                                                                                                    MD5:8BB85A07A8C8062E4B31AB31EDAEF05B
                                                                                                                                                                                                                                                                                                    SHA1:E6D21EE720EB3BFF1D60AA591CB640295E6452BC
                                                                                                                                                                                                                                                                                                    SHA-256:6D2D52D2F1DE4792CEAD101B474557AE1F35CEDD17812A74467FC6906E7150D2
                                                                                                                                                                                                                                                                                                    SHA-512:53C03449CB384EAEC5F5973A3DEEFF742C789110FD78BF59463EFB59886FCDF330DA63B285F97623ED0DCC0852A1105CE6AAB061FD42923B458FB9E92F60B334
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):449641
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.3410197991498976
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:te1Jt73CD+8wjgfUcp9Dh4r62jb454rV7dvocjrZ6PZik8jC:g73SB9pdh6Djb454rnoANC
                                                                                                                                                                                                                                                                                                    MD5:DD5B9D427B99137DABA5989F7E67C384
                                                                                                                                                                                                                                                                                                    SHA1:1784940B903FB245CC77CC6FD745ADA5F16CCE53
                                                                                                                                                                                                                                                                                                    SHA-256:9F1A664BCF1DFEE8D97C9AC2379F2C1B50426BF3A8AFB2D21CF62230000BCC93
                                                                                                                                                                                                                                                                                                    SHA-512:4A75D81D5EAA949BD08F07E5D1A486B0B590A23D170C0885556CCAD9985328E633E20FAA09A6CCC9E33FA939C45213ACA622A316D509F3E2B780F670011E47B0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):408358
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.4425055036605965
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:P8jXU34fM+9F0x6i0GLHn4hWJbT/R/WiO3o5wjT43xcLQSMPQA:P8e4fRFNHeOo5wjC
                                                                                                                                                                                                                                                                                                    MD5:3A454FBEC334B4AC33F3FCF416CF89D4
                                                                                                                                                                                                                                                                                                    SHA1:24782D739C219C7EC828F5B6D76159B3A3A1773A
                                                                                                                                                                                                                                                                                                    SHA-256:CB133BDB9050FD72844B1C95D7ADC3505EAF107B9967A5C691E6FA5A9669C970
                                                                                                                                                                                                                                                                                                    SHA-512:0134A57B32FB70076C7FA41EA8F94DA3ED147DC594EC97C1D8D9BFD7718DB06D32106822CC5128044108C3FEF541A9FEF7F20FECF21CCD1C84B6FB65A7254952
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):656765
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.101840403038776
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:qrW10NX9nAZ+nEcdUT4imdAQifaQ2XxFvG8oO6dpxHsAQi6STfwIkwNUWGOGfStW:qfAZ+nEcdUT4imdAQifaQ2XxFvG8oO6Y
                                                                                                                                                                                                                                                                                                    MD5:FD5FAAE7D093381D6EA88BBA4B1E8405
                                                                                                                                                                                                                                                                                                    SHA1:EAF6BE12A5FD806D3C832CBBF65A23F6761002F8
                                                                                                                                                                                                                                                                                                    SHA-256:8C984B2A840AB7556B0517184F9F5B619AE1676BA0DB75F5681FE00AF9384495
                                                                                                                                                                                                                                                                                                    SHA-512:EDFF986E2401CC4D9F62D572E0C03201212E9E02B4EF33B131D1C0AE3939F25887F114C5BB521FC64960CA3144A59EBC25FB4C4759C4D3284B01A96E5C533189
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):416306
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.419257610642948
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:KgnxzA0x1a+zOQbhCQx8sd/yOE/BanGLLV57JucHcEJ18OWUcJfSUWCLX1wC2:K+AC1BqHBBaY57JxHcEJ18OWUQB2
                                                                                                                                                                                                                                                                                                    MD5:F4A82E4A7629D5AB29A7CD33E95D5699
                                                                                                                                                                                                                                                                                                    SHA1:1A6CAB2E16FB6CC00392E4B926D203EF13918594
                                                                                                                                                                                                                                                                                                    SHA-256:4BC6644D92C51CCBC0C9F5917F2DF8903A69D73ADB1F4B902318E6C13155EAF8
                                                                                                                                                                                                                                                                                                    SHA-512:8139E125B01850F91A75DAE0E9CE7663C4B660E13FD66225B22C8D4E0276402323D75D0914919F4FB91DCFBB7E5230091F8C4F8DA067A8B0FFED103C29C16118
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):467377
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.19076999652674
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:vER2E4T/FFpUd/3xyEDQTrIKL0VCSNFeFXG2Z3Emy5kzmHqFAkx3B8:8Rm/FrRM4CCiOy5MmT
                                                                                                                                                                                                                                                                                                    MD5:563F42A82196F1682317F8BD49B296B7
                                                                                                                                                                                                                                                                                                    SHA1:D817278DDA949D3B5CCA3FCF49A7C715365442D0
                                                                                                                                                                                                                                                                                                    SHA-256:DAC5B613C7E6D612BBC5CBA091C69A6C8BC603FA37E3738445EF7FEB30F1ABF0
                                                                                                                                                                                                                                                                                                    SHA-512:1B4F4F8D161D4FC4A88E41338A83F92DC83F4B13A70BC531A166681AB236B2FE2FF491EAFD08AF77B437BB8D9A644CD7F0667E0F4405E3E293584800099A104D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):488210
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.366970751752098
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:YLta7Cfg6EE0SA6QuagV1mz8sUZ7MYnYV1S3BA54xlqE0wCDooLljgnkH0o85kEM:YL7gsVwDa5Jw
                                                                                                                                                                                                                                                                                                    MD5:06B8E88A6B4B878B712C817918BF6A0E
                                                                                                                                                                                                                                                                                                    SHA1:60F118E0B435195166B70574B745962F952B413D
                                                                                                                                                                                                                                                                                                    SHA-256:51D3930F63CC8A9276B1783D6F062BAB1C1890A6194954ECF6AA9D9F98DA76E9
                                                                                                                                                                                                                                                                                                    SHA-512:FA355461B234EDAA87021FFE828B1DA810F8E707C3B953356B9A3FC79C7BD8A9FF18328D73137304CB3E9C93CA489482BB13B262C252CF2A11972AF59E03BFC9
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):928759
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3908477829138794
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:mAGdd442UogblYAPf/dyV/GQoyLy/Lud8vijZwmJSgSJNmUBOjdBjFGTE3Meq6QB:mAGdShUogb6APLlnMwsR5rqhnU/yz
                                                                                                                                                                                                                                                                                                    MD5:FA15A58ADEF4E051CAAB10A4FAFC1F97
                                                                                                                                                                                                                                                                                                    SHA1:921041F65CDBD82DAFB2DC9A5615EA95FC74F10D
                                                                                                                                                                                                                                                                                                    SHA-256:9D8EB0FF29B11B444B478C7D0932CBA16865AFB7A7B563BE94298D333085678E
                                                                                                                                                                                                                                                                                                    SHA-512:DC0EA9551BB27C2269BAED1AE26C9BB852613948E845BDDB558A9EED80708A8C10E5E7EC3D06C98FBDE7BBD8DCCE051F6239D5D8D69C65CB3841F66ED3720D24
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):579797
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.714252719100701
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:n+Ztw/OuE2t1nrOp/mTLa2/AeN4OL600AfhXVjeQCapba5M7oFpMb254lmdADnw9:+LnR5woX
                                                                                                                                                                                                                                                                                                    MD5:AA9F19B8566087CE53F0D14803BC62F8
                                                                                                                                                                                                                                                                                                    SHA1:B1A8C94FA39F9D47CCB070076E3685FFABF68EA1
                                                                                                                                                                                                                                                                                                    SHA-256:8E65B136031C1B6F41CE47CE18CEA3F036062CFFF6514BBB9D8773F4D0C26A73
                                                                                                                                                                                                                                                                                                    SHA-512:58389D3DB5909F88CA654EDD0D178AA6ED0712179CAB60AAA3B9886590A50B26DD3157A01210C5E428B132FF95529D07584A3E621462F78ED0A05378A48EDBA7
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):981754
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.362200210462209
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:0RZHvfuf9H92bciDDkDtOTByntDPtDlkpl/M5rw3kw3Ldb3VjgFSgf4QAEm5dmGV:07HvQH92bcNt5K5MNjsH
                                                                                                                                                                                                                                                                                                    MD5:CA496CF659324CA6E68800AAE944E314
                                                                                                                                                                                                                                                                                                    SHA1:385AFB704EF1B09E380D0F5443E78327983F3CC2
                                                                                                                                                                                                                                                                                                    SHA-256:0495C995D3425E8F15D68E7566CE0F2F49B9D31300721A9AE559506B2692DC64
                                                                                                                                                                                                                                                                                                    SHA-512:6F2F22942014E66D1FCD78368B8B162CA82D382B3D326DCF9ADFE183424C4A03077E2E5464DA22BCE3D93DBE5711B5984ECAD0D5E090859E508A9D3D3B2CFFEB
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):451509
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.499166093757418
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:GdrGj4s/8/GIo7t/5y+wUtr1RTJCWOS+NG0uPXbG4TT6WI6DkYAiKbeM/wXbnH0O:7j4K8/g7hw0LHZ0x5+E7GD1Ln
                                                                                                                                                                                                                                                                                                    MD5:145D3E13135870DD24239953FF984476
                                                                                                                                                                                                                                                                                                    SHA1:AED9E0E95FE00E8E7643FE44F529337379D41E77
                                                                                                                                                                                                                                                                                                    SHA-256:2B0B2A49F31A3DC7486EC0878B058479BFBF8BED2B55BEA800D838E0034E41AF
                                                                                                                                                                                                                                                                                                    SHA-512:F3EB182B4DC1CF1F5C6DDE7878518287029CA8A141821F11DC252BD0DC696972E1EFEE73F156C236DB98CE98DBAD7C608B5C25A65E61DC20BA3E4A7518D50EA3
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):485610
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.632296665266366
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:5S5x+yHKSfe4Cky1tV5z8iZfGRzEY6xb9Sam7gXOWelQi5/R7azNtGXNS2n58dpB:5S5xh6V5z85kU7BfQi5K+/g
                                                                                                                                                                                                                                                                                                    MD5:60694A732B5A05494C89122A92C303B8
                                                                                                                                                                                                                                                                                                    SHA1:988BB6F2CFBF69E309CD07C35C0662D039DA8BFD
                                                                                                                                                                                                                                                                                                    SHA-256:7B909E029786B930F7A95B4DDF8BBC22393737CCF2B380D4E5F89B2D4EED8966
                                                                                                                                                                                                                                                                                                    SHA-512:173AD4C5BA9196D11D396F6F07E188001BA996AE62DB53432E763BA99F0388EFE96EFA6559CD201BA0103C4101288625DF12688F7FA348DD20C3C361F40459C8
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):400068
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.362511679528426
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:iSJrxMe5fVpT0jNH9S2fjtVnjHFNRmP2x1Pr5+Rh1vtTtSLsEaoQ:iwWe5fzSN8eVnjHFfm+xFr5+RhT
                                                                                                                                                                                                                                                                                                    MD5:026D0B735904201C1DB29AF55394A261
                                                                                                                                                                                                                                                                                                    SHA1:79426EEA50FCD5E8C48770FCC9C942635A4F6DD4
                                                                                                                                                                                                                                                                                                    SHA-256:F235F8CE57AE548C6941F102E1EF94F8C5AE94337D5EC0C72F5E6C10E69B8077
                                                                                                                                                                                                                                                                                                    SHA-512:F6D62CFFD30487E285AF3DC0A9CE454CB4323E9B7C03B17CB9F18FC7E84A97BA0649F73B05B022BDC5C9F462B079665694B5884D65061143F019F1CE93A94262
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):448998
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.27234505282843
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:eS8VLXqvT0CuFktqx5FhgSrqRrhsO1vGT9TeLAGiXRx2gY7OfLwHkWc7gh8Hryeh:2LSglHzZkT8+uQx+Me5PzoK
                                                                                                                                                                                                                                                                                                    MD5:820140824FAA6312963A98D2A8420598
                                                                                                                                                                                                                                                                                                    SHA1:EA10EAFF0CDC83A268863E4759575F9DB52B1BDA
                                                                                                                                                                                                                                                                                                    SHA-256:0CB46521C655496F1CCB2074DC822ADCBD579FCE25BC010EF932F5378366D3F5
                                                                                                                                                                                                                                                                                                    SHA-512:05AD9254ADD5D1A8440207C5E0A7C248CF790A681A1437DAFF857997359F2BB041B82E09A51E1E65BC38110685DCD07D33BC8D7ED3C5BD67D7E35612C08516B6
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):543994
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.778992635698025
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:Flc1BpuKUUbv4QRRcYOX2JqWVgy0XMU0rRpZd2hyANSnQPkw2ICd9KhUNH7bbeCz:jctuErdRKv2DFQgRpZd2unUCP5Y1oxVl
                                                                                                                                                                                                                                                                                                    MD5:40DDDDC8C0B60C95CD44F91FD5735D73
                                                                                                                                                                                                                                                                                                    SHA1:D28FD7E4348B725497F16536300AC8B9CC8385AF
                                                                                                                                                                                                                                                                                                    SHA-256:608845029AF6AC603A2C067D4926A2B9831E14A7C051B740A895654620AD9342
                                                                                                                                                                                                                                                                                                    SHA-512:8747B36729FD88E2C73F24BE90CED02896D8C352AF7C4290AAB9653B522DCCE8CF698B9160EA7817D4386E22C0379B41128AD78D3E1D07293C0440EB2375F2DA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1061186
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.2942223071338175
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:ZSLX8cKZlS7y/L+OXRfh7n7N5UrUt+7G+jjaM:EKvfD5YUw
                                                                                                                                                                                                                                                                                                    MD5:3BA2AAA49D5EC2E9EA9BC0D31328670E
                                                                                                                                                                                                                                                                                                    SHA1:5D3F16E968278A8B19C1A6564BE9B79A07F8E527
                                                                                                                                                                                                                                                                                                    SHA-256:4213118ED1D7C1B3256C6DCCA4B844C7F8B49CFE9B46F5A8A82C7A9C821B36C7
                                                                                                                                                                                                                                                                                                    SHA-512:52BEA5D140B14C5EF6200100520995FEFCFC331F11838763E222FB2039795100045496A3DAFF82B532C0F14C783A2E78870DB3992CC0CA4FA584FAA0A83F8405
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):456640
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.13332768312632
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:UdmRn267JIWR4XCWt8Oh5J768CqP5P7XKI8CtCq7hUo5AC:pQdJb5386AC
                                                                                                                                                                                                                                                                                                    MD5:A66FFBB1769BA88B8E1385D82F4CF7D7
                                                                                                                                                                                                                                                                                                    SHA1:EE92480F5040352B5FD1DECF177E1770B6DA832E
                                                                                                                                                                                                                                                                                                    SHA-256:6D30C8C5DCA8545FF1D995C2D49953BC0BFF59C2E9AD486B3360B4EAB440E15B
                                                                                                                                                                                                                                                                                                    SHA-512:6C3541E281BCCF39A0237CBC73A971882B25AEA699C06FECA2654B85B44D490B2D0D3B11126B8511C302F74F9DE7CEBFA762E6C1CEFD920C0A988FE3AB643868
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):490878
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.617469745479319
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:hi4hXdIMl4wFJCLDoU9c57dzvLOeJu6Sf:3BCM1m4uc5NOkm
                                                                                                                                                                                                                                                                                                    MD5:20AAE2DAE770F0882980D4013303C969
                                                                                                                                                                                                                                                                                                    SHA1:932F0B105A358051DF1F369B142047365712DF3B
                                                                                                                                                                                                                                                                                                    SHA-256:FA9B253110FB4C343AABC88A603FACF4B64F382E075ED3B74A00C8EE97C1AF23
                                                                                                                                                                                                                                                                                                    SHA-512:5FB00294842C7439361A5E33D287CCE0CDF7CA1C03A0CE1936E6B069F73A0EC8EAC6164838C72DBA98970204305669C27B389615FDD4A989A6ED52387496BBBE
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):488765
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.609256387422649
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:DB0dNTFnU9b55xVJ6QN4tVFHimuti4Goo3W3gb3u5EZanXnEJ9ArraszLOAtyeiE:V0dNTFOb55l6m84GVWMu5LEqb0/hU
                                                                                                                                                                                                                                                                                                    MD5:EB30118F4F95854DFD4EE1C7174C18DC
                                                                                                                                                                                                                                                                                                    SHA1:5C9F8993EB9FC2D49F09026EFF1B5F7A21E47D42
                                                                                                                                                                                                                                                                                                    SHA-256:C89A6904923C09D4D1664662D0DFE1C245450AAEB6503FAAC13A55F4FBF59ADC
                                                                                                                                                                                                                                                                                                    SHA-512:474244F8123E0DF0186BB80E1704B447DC0888A23E2BFBD1307A50B984035668543DC41287111EBFE5BB1E48A6A9841E46C0CE4AC72083DE3D8EF3A9138A3DE1
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1100846
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3318104202851995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:0wx8oLnfO147/URV+LIMmWDcZubSAD7qwDX3eThk5m/7dZlO39P3:XKuOKQyX3ey5m/7FO3J
                                                                                                                                                                                                                                                                                                    MD5:E50D1787D0FEAA25E66261E86771ED11
                                                                                                                                                                                                                                                                                                    SHA1:5B49F610DA8618E97694E5EEA5925816D1225661
                                                                                                                                                                                                                                                                                                    SHA-256:A4F83324E8D8B563138DDBF5AD5B08BC6595D79F11FBA267AFA815F0309C1390
                                                                                                                                                                                                                                                                                                    SHA-512:0C5B8E49E846F3F14D2A26D7550398773AE504FB717529A29564B10329AD242B3FB05E980712B1A7A25A8DCDB34195EC0F8EB912C88425958539BCA04FEAB9B4
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):905444
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.3700341187989995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:0//GqXtoG7QSiEjJGDC5N8JGVXZ4tIYHFFPMUh3RQR3KB+5lx14/H4bmHwMaZ0qC:0XvXtR7Qn0AaEV6N3i01ZJ5lgeAPV6g
                                                                                                                                                                                                                                                                                                    MD5:E175D7BA8A7C6D8A444C2E34921F909D
                                                                                                                                                                                                                                                                                                    SHA1:C4C06BA5DC5016C996A1B5CB55B064F9A62289E1
                                                                                                                                                                                                                                                                                                    SHA-256:DEC1D50CC8F2D97EF5EDCA22FE8A655C6EAB7584968D56209F4B151DA9B5B17E
                                                                                                                                                                                                                                                                                                    SHA-512:1B555A1B81686847C5833F8EE5E8557F1450AE594C39B9572FD9122785D071D0A460C00E92C432767EFE3A008D7D6D528185E8C2DF6E7239EF8891A53BEC4288
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):417381
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.2493620409639625
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:eWR3NcTpbIxFd+ulcHlYWki/nSO55ZoNY3MMyve51:ebixnolY10n35WYcMP
                                                                                                                                                                                                                                                                                                    MD5:CEFA443462AE0EA758B46324A12FD00D
                                                                                                                                                                                                                                                                                                    SHA1:FFE6EDB0FE896AA1F32667B67ACCDCB2621BC592
                                                                                                                                                                                                                                                                                                    SHA-256:F68AAFF7EC78D49CDB6A52E50ED0A74A8F3E5B5F011A403A07DD46CA4B967726
                                                                                                                                                                                                                                                                                                    SHA-512:179135A40A1EBBD7B2C6766B4B46F1B31D88A7828EF9DFB947D45DC701C6D9808E4809AF433E2F5AD81D6760279E633CCAC12819FED429053EDBD881FA2C0B1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):408439
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.411769320605486
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:HwMF5XXHUa54NIh0HYMqOp7fQcbgtmF07S/znz5an4aYnOGnVI:HwMjXXMvHYMqOp7fQcuSrz5an4EGVI
                                                                                                                                                                                                                                                                                                    MD5:83767479DF4CAB18086149A719AAEEF6
                                                                                                                                                                                                                                                                                                    SHA1:C07C5A6DC8606C3DEE22AF2AD1F13E2D42EAF697
                                                                                                                                                                                                                                                                                                    SHA-256:B3D8B7DE75F6FE3BFE2A16E370C66F04983029360698309955B3FCA5B6C1F965
                                                                                                                                                                                                                                                                                                    SHA-512:2A52D6484AAD2741201AB84242848EB6844587253E4E3D5342C481BCC958EA0E9543E0C4F213CA70D32805308AD5C3DF969A4A74EF0C2259600D4C60E6CED919
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):422154
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.353063450109155
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:tbsEhYWmQ1ogdD35EXHapau3D+qngCA5qPxnGpLMse2PW:lhYWmBgdD35EFUzA5qPxnGpLMKPW
                                                                                                                                                                                                                                                                                                    MD5:FBD50CBF0DB12AD090B20ACA790A556E
                                                                                                                                                                                                                                                                                                    SHA1:610B785BAD90077251E6AC38808A8C6A0F296886
                                                                                                                                                                                                                                                                                                    SHA-256:0547012278456452DEED3D580A9E6C03953221148809B15BD5DF3302EF20A9E3
                                                                                                                                                                                                                                                                                                    SHA-512:2D6013CC26B296FC16B792843F26D94AD7E18BDA9FFDFAE0669373319D8562506C8D053E9EDC48AC0A0C88B705883A3CF701C587C7D23C6CDCF2893620FB6676
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):471103
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.746768038516502
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:mXdw+WoOB/OQjSoM/Z+Xgv3iWhbhvPeCUdiUIVTmNF1QhjRd5Xp405Z:t83V+1Qhj5nZ
                                                                                                                                                                                                                                                                                                    MD5:907EFFE53F2638072A4DA07A9A971CD4
                                                                                                                                                                                                                                                                                                    SHA1:CFE926FA63DDFEEE896F703C4871ED81A881B0B8
                                                                                                                                                                                                                                                                                                    SHA-256:ABAD2C3A54A4EE14D455B17F91943D0A40594E32902E54D58BE1707DE06BF997
                                                                                                                                                                                                                                                                                                    SHA-512:9C7EFF9F05186CD5CA5E4481D578C9B3CE51D7DB77F28D4716C26AD576CF4CEA7E57A82C2678D0ECA8497C255E4AF5587A45150A8AD389A20BF11E30D3C9944F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):443620
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.412684484371738
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:hFf6vJieI5vQDoNBXBLJBNYJ5+ySM5BqJVliUoR1pgKU:hFf6BRN58JHFoR/6
                                                                                                                                                                                                                                                                                                    MD5:834640BC1FB6FD7287D3B98E25F04A47
                                                                                                                                                                                                                                                                                                    SHA1:4C6E9C88CD92BAC2C935E138117BDEB4011FF5AE
                                                                                                                                                                                                                                                                                                    SHA-256:8FB1124F9E42E20E686C27869F0B84C540AD97A60289E08647BD0F7089366D3C
                                                                                                                                                                                                                                                                                                    SHA-512:9C05E40F64043B41912F037A4F4F74C3291498D89450CCB5DFE55C5EE6519D3A6CE98F033017507AD15FA123A08582EFBF717579DE4C366CCC261BEB46EBF337
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):446253
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.388051012085628
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:wyLrwVPwdieJVJJxh4hwXDtJE65IKC4R4x6i:wUQdS465IKC4R0
                                                                                                                                                                                                                                                                                                    MD5:C1E579647BB7AA499EF89A8CC783C6C6
                                                                                                                                                                                                                                                                                                    SHA1:F0FC9E9B5591B7038F5BB0533EE542BDABAF5F37
                                                                                                                                                                                                                                                                                                    SHA-256:4D42B05A0DE6F1D663AD86D62DEE335F61108D29D0E8FAB08C19BC2EFCC928F8
                                                                                                                                                                                                                                                                                                    SHA-512:103EB5AA0066F804527C7EED8930FE075BB49FAF0AD845021306E00C87121D86E658F47D93CB7200E779CBE790E2C9F4D83BB93128D1F2724986C8683C026F6D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):458477
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.446141312347163
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:32VwjXkenSFcFGwY+vhEsi+5SB0oms21/SUuMIr:32MXkZFcFGwY+vysi+5SKoi/Ir
                                                                                                                                                                                                                                                                                                    MD5:B9ACB0B48426F4C4F96B48B355775ABF
                                                                                                                                                                                                                                                                                                    SHA1:5F2AAD3C4584D3235BBC86CFF645C2646A88A3FE
                                                                                                                                                                                                                                                                                                    SHA-256:3D8B85179005DCE202177564C31508C673B829CFBA216E8B0DDDFD5FD90F96CF
                                                                                                                                                                                                                                                                                                    SHA-512:5FC2ACF88814AB955C9FF764B95A54CD620C2499B24D143CC1C7BDAD0CA17B6CB7B487F56A14BF971AAFCA7DD83D6239CF5AD63239CF016F43BD9461DA687612
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):743909
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.906332450632079
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:vEF0PDlU85z+o2vesNCgAypY5eXN2hHO3j/jHXzvMBJJekice8P/XzFGGJn/aL/G:v/mYpU5O6d+
                                                                                                                                                                                                                                                                                                    MD5:8BEC94F6E485797069AE24329E027644
                                                                                                                                                                                                                                                                                                    SHA1:6EC97175ED7D8450C2CDE58321909C340BF212AD
                                                                                                                                                                                                                                                                                                    SHA-256:7422472754F10C1D9303E5B806868EFE33B321E7FD4E8EF3020542C70371FF8B
                                                                                                                                                                                                                                                                                                    SHA-512:93CBACD7FDC7ABCCD6487A4260B8CA440E3337DE6322D051C224EDC7F8F069BF86F5EAB7BB544E035F25EE3E5D747242E8D70D9D83524EC95C88D6FCC30BA6AB
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):474197
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.796371185797891
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:BwkT6UoukXiMmypiIsz5ykHSL9aQCLGLr:BwoaSyyz5wL/
                                                                                                                                                                                                                                                                                                    MD5:83D03F5D30A2890F49681CE9CF8D945F
                                                                                                                                                                                                                                                                                                    SHA1:225E2506733AE3BA042A47D21E47D7B653B37240
                                                                                                                                                                                                                                                                                                    SHA-256:7DD78D32C5630318BC17143506F476E28A69A28CCF4A78D13A36A87942BB49B1
                                                                                                                                                                                                                                                                                                    SHA-512:B55C6E03689E9683DAB53A5205B85FDCFBD00B6A3809AD3FB24FAAAB25D5771E84E8179E43AB33C81183F3315BE599B1ACF28B90905C8734DB30039AAC105F99
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):455747
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.471265599209893
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:txjqTm20FJ1UhYiBi2iiBnnbANjbnPMum4ocyxPbPD/gpmukzrBftjQL9x55RdFX:t5qTm20FloAmDmx5Btc8O+i/fzOBqg
                                                                                                                                                                                                                                                                                                    MD5:35FF7224040E127F9F967434C37118C3
                                                                                                                                                                                                                                                                                                    SHA1:264185378EE0E17D72ADEF1C46FA7D30895CE393
                                                                                                                                                                                                                                                                                                    SHA-256:BC4BB6E82D1BD69784C9D6429A16B8FCF0F18E76A3BC47BAFF7C644DACA9947D
                                                                                                                                                                                                                                                                                                    SHA-512:596709AB36AE75A8B3D92755A7B77F708527FA602D35ABC351DBF2A054E125ECA65F3A2E883F5016393E7CA9002B7672DB52FE64702027373F13C0AB03104918
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):697252
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.832513071380482
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:KIuNmECs8K5mIRIS151Nqex1zs+Do58P9xTmvWF37sQKk/k/c:g3TYado5Mxiy
                                                                                                                                                                                                                                                                                                    MD5:E319B545CCD6BF90F74DE647309F62F0
                                                                                                                                                                                                                                                                                                    SHA1:467BDDF6487564BE39EEB9E258C6AC22C4A3C385
                                                                                                                                                                                                                                                                                                    SHA-256:25364E9162E72D1570FA65B511450AD3BE5634226B7A77D629ACA513CFCE88B3
                                                                                                                                                                                                                                                                                                    SHA-512:A6C1745CFB78A716AB156DA0BA5FC3D30DDD54FA3F797822DDFF46F370F706F9788EDBEE96DE9E35423369B923874C5AF29C5C934D2B70A86A14F684DD5069BC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):412271
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.521747520074924
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:SpWKVMotFyAAD6AjQwix+Byx5jvVn4bLXvu9M3SOVDE/xUDv6X5gI5ngbR0h:SpWKVMotF6D5DBM55p5r
                                                                                                                                                                                                                                                                                                    MD5:06C595F7386FF0F787BCF4A844D6C96E
                                                                                                                                                                                                                                                                                                    SHA1:D7CC2AD1F1CB0A7B0A3BF61E8DF4C820C25BCCD2
                                                                                                                                                                                                                                                                                                    SHA-256:40CF2DADC9F650C7496641B903D1AFDCCBBBCCBAD6E453627913FE90E3D72777
                                                                                                                                                                                                                                                                                                    SHA-512:56A43024A65C4CAF811D176A6D3C760812684362A1747BBDDF46EB185514F8F9020EBBDB0AF4B6AAAC45CDC753A8A677EB78F535CBD87C6689C9A675746CAC8C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):432206
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.330640729182769
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:on4GXcRk5d/3U/Brs8jMBguAGL5H1hZK+0ee:o0C5H6
                                                                                                                                                                                                                                                                                                    MD5:75E9A0A2068EA51D7B378EFA1D26CC3F
                                                                                                                                                                                                                                                                                                    SHA1:DAC05EB67616C7ACF0235E5AFC09067E8EF169BC
                                                                                                                                                                                                                                                                                                    SHA-256:BFACF68D9540B3549BDA32EB9C6D7AFAA9CAD8013D3443A0EABF9B79ED6CD08B
                                                                                                                                                                                                                                                                                                    SHA-512:240CC11D451347E8DABA5518900E98121CA0118AF1FAE397ED9187A6EE665A48CA45A58DF557483501DF7067BD9F4A7EE8516D5DE416DAF134A8A3EBD1353DD4
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1092543
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.1104433988474876
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:3072:dKzC/m3KA+CvKEl49xW1yC5eS7zdtROcA2P5:d4t3z+649xW1yC5VzdtROcA2P5
                                                                                                                                                                                                                                                                                                    MD5:445217DF5B76FB6B2ED967D9444E5C81
                                                                                                                                                                                                                                                                                                    SHA1:41EC0925FD809C2BA7D4FA1433B4FAC879AE1AF9
                                                                                                                                                                                                                                                                                                    SHA-256:27515D6E4D7309D3BA32F2181A21764C075A8494672FC7758DB97867215E8E7C
                                                                                                                                                                                                                                                                                                    SHA-512:5D7E3CED82022C26156EBFB51EA7FB8DDB7C3D49A7A0AFA1DF805EB2CC2F6B9B0CF4D8FAA06BE03C1E851B915B3D6007834FB9A2D9D65597E180C237AE5B15FB
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1012045
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.360647788345955
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:YcLfchj0Go9MbwV5W2ABv3p1F9YKiTlwJAgjNFO1Pr/p54JHQvfEC28+58XoX0DV:xF1H5qMRR
                                                                                                                                                                                                                                                                                                    MD5:7476811AA03BFE197691FF0B8A3A19C4
                                                                                                                                                                                                                                                                                                    SHA1:E0B397BC6010901F72502AD0841DB2AB43171228
                                                                                                                                                                                                                                                                                                    SHA-256:2ADEC6E6B5458FD516C905D1491211AFCCBA5753506CFD1EA04B5D34F14F55F5
                                                                                                                                                                                                                                                                                                    SHA-512:8D8D34A391A3D40A98ADC3C6A8738CB7130DD81CC1C608C59A2D71E71AA1E4197ABA835029887E3EE2C01434F69CFE058A8E9080E141CA11A8BE5CC01CAF8995
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):852101
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.418576770152647
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:/1OMxok30v7sX8AAkgs3s5UvTgLRflY6j8FCG1LDoAGkEeuLAD57Kle9d8nyj9FP:rGU5D5p
                                                                                                                                                                                                                                                                                                    MD5:C1ABA07EE8F2B1FCFAB48F65ACD8B970
                                                                                                                                                                                                                                                                                                    SHA1:3BDC88FFC23FC8A563D8F375797FDF759674C6C6
                                                                                                                                                                                                                                                                                                    SHA-256:B7CE43A5A68581EFEE0A8E22F73279C0742F1C30A501C6857C53B685BAE87949
                                                                                                                                                                                                                                                                                                    SHA-512:597836201782D0AA60D8430B088D9988D21873B02B696D7B227441975908AC8F321B530067FECDA81C4113B8BBD55A98F62BDF2BFB88DFCF435447F50DFE1552
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):439973
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.6078470873475785
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:ngBe436gcidvLkG2hPlJH+k/gm87GfTZ4I7WGgeO5s/0+fi1havX9vwiB6d0ml:g84KgcG2tlwXSB7M5s/8
                                                                                                                                                                                                                                                                                                    MD5:84F75EDDC9D2BD77F7C98B799D046DFB
                                                                                                                                                                                                                                                                                                    SHA1:BD9EDC0CFA43F43D4D7B27F20B2F888841B42A73
                                                                                                                                                                                                                                                                                                    SHA-256:6518A67D069C9C1440DBCB37426828DD477FC1A969EE25497755CB6073431D90
                                                                                                                                                                                                                                                                                                    SHA-512:1904F8E0EFC6FC5A137C38035EE0C4CE1E1C6971AAB4DFE92A6656C41DA57C55E8A59FF8DAC1BF2363EAD15B26C72DFF847BF01BEA0E58545E65E1E2F4CD3A28
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):744996
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.93747456409381
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:3/8jkO/f93npysKtwXiNAnZxp5iB3IjE8ElLvLNiXEJq/Sqz+4uL2uad:3/8jHXltd5nEw
                                                                                                                                                                                                                                                                                                    MD5:8ABBAF223DFB09C163C6E076AFBDA068
                                                                                                                                                                                                                                                                                                    SHA1:F8294F5BCCE250E0F0D0B6ACDA9D0E3DF0DB763E
                                                                                                                                                                                                                                                                                                    SHA-256:A1C9332801D968B75ACFB2DCE491645229FE29CD7EB07E3E8A64BBF23A78204A
                                                                                                                                                                                                                                                                                                    SHA-512:BC3A902372947778A5421EBFC5B20149BFE4EAC63448C152D84EDCF77D1EB53027E66ACB818C3D850665E60976DC0FD7F5918319BFC29767A994BF03A505CC4D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):648927
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.231061668152186
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:JBZGoF8Pz0nEkyKlpAV7/5g/zUExbW6DQQYrhu6co/9NjjFpvJN:JjzA5kWD
                                                                                                                                                                                                                                                                                                    MD5:2725B10888FC4CE99694497671F15926
                                                                                                                                                                                                                                                                                                    SHA1:0C952BA12FC15DA7AF42E5CAEDA05E6FADA9EB18
                                                                                                                                                                                                                                                                                                    SHA-256:3A1D2BED52DB366CC9924781D6D4C16B0A7EB6E75E431659FE494F42F1818026
                                                                                                                                                                                                                                                                                                    SHA-512:D683642268DD78C856B00C03060FF5E6AD2AD9252FFC9E8A0B983FB3A44FD9E8DFA81CBAF6740C76243A95B7F9247DB0F6FA83D8C3A39345B6ECED638FC64671
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):519117
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.800519110490303
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:ANihca2kANnzs0qL6wSxXnzIcWl45m6Qa2if+URTJziV5pgx:A8ca2FNnzs0qewS5zQ25QFif+UtliV5o
                                                                                                                                                                                                                                                                                                    MD5:00A0FD98C05F191B6BAABE576760EBF7
                                                                                                                                                                                                                                                                                                    SHA1:13FFC26F0ECCA2976CCBC5F019E7E788501D4E87
                                                                                                                                                                                                                                                                                                    SHA-256:977BD7E4BB9998202223C5FCCF075F38D1EDD8594890071BD5760D97E83D260E
                                                                                                                                                                                                                                                                                                    SHA-512:F67D4826B5C283CB7EC4B812262DAADA25C19B1F556B81A5EA2EBE917F972AD3A5BACD8DA92E1CE1EE71D50698B2F590934BEE81E635E227767EE74943C84C4F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):380186
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.717056244316995
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:9gXgWOgfLDVl6Mssy07EnCKEJ5kE0/5uNlEreVLrlS:9LWjfH7ss2nCKEJS/5uNlErZ
                                                                                                                                                                                                                                                                                                    MD5:8F82BF61B0CC4005E33EEDD4FD1D9DDA
                                                                                                                                                                                                                                                                                                    SHA1:5E7D8FB841B27D4FFF203073F92EFC3A368CAEA5
                                                                                                                                                                                                                                                                                                    SHA-256:5B96FCE610D0B2E4A34CA3CA25B151E12466AF79A5E971E823320045A994DE16
                                                                                                                                                                                                                                                                                                    SHA-512:E7D5C1373DCE52585B6CC5E18FACA61655AA6C1027E11A23244D1C64D670BBF6C0AD63A9063371C176D6EA88AAFA2A3DB0B6705E2EA57AF311A9AA6878877DB8
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):380102
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.722259133383302
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:6144:yFa1RTdPZMvT3kK9vee2DZuFv+b44H25uHz8wMCM/9yvA4xT6:yFa1RTdxYT0K9es+b44H25uHzgT/AW
                                                                                                                                                                                                                                                                                                    MD5:BB3F0B721B5E463657624D2CF0E0AEDF
                                                                                                                                                                                                                                                                                                    SHA1:070110F2EAB576670FD4B58ECDB46BA867225D28
                                                                                                                                                                                                                                                                                                    SHA-256:81BFDB7A87E43E0EAEE5C861701B8AEC8405010F90FE50410CF9D7C41A26C67E
                                                                                                                                                                                                                                                                                                    SHA-512:45B18ACAEF93BC74F3EF7B228BACED55E5DA5F0FB57E4EB4660F9D6FFE7267B37D6D60E5F16909E0A82ED73788399A6B8671768B6A65B93A7DCD803D5A9F43F3
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):851914
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.413131866730292
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:IOXumcizlm/ec0X2oZQkDPCMYVKQzAy37V:iAyh
                                                                                                                                                                                                                                                                                                    MD5:F2A134D21E79420E0E025B2F5D0E0564
                                                                                                                                                                                                                                                                                                    SHA1:E4F6EAD92945B87C3B980878C707467DC84CD616
                                                                                                                                                                                                                                                                                                    SHA-256:4C125A498BD06DD1CBBE3E4F05DCA6FA47CE19297AD9F92DF3AF65EAF0A05D67
                                                                                                                                                                                                                                                                                                    SHA-512:032E8C44C1EDBF6BA3EFFCE1D67E5355E926B5509C8AA3DCF15677EFE9FE3A2BF27D81D7D7FFAE3A5CAAE1755830AD016A11F1417DDDBF49977BD52083AAEE1B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1000,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1001,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1002,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1003,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1004,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1005,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1006,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1007,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1008,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1009,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_UNKNOWN,1010,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PROFI
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):17165824
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.464917740189311
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:98304:AWZECOCUw2edQ6tLMFTyrjcw92Kah2tKB0aFoUuexLh9bfDanDg3pErJYZGSCyWv:lZzEKXoKa203oxAbfoJYZGSC
                                                                                                                                                                                                                                                                                                    MD5:1F2EFB361F4E9A0E4A2B58368C256FD7
                                                                                                                                                                                                                                                                                                    SHA1:ED807BC5C16B73FCD34A0CEF641D54F296CF120E
                                                                                                                                                                                                                                                                                                    SHA-256:778D83F0F7ADD7D6CA086E1722745BC7B536DFF2A14BD0830B68C1480ABFB550
                                                                                                                                                                                                                                                                                                    SHA-512:C5E489AC43D8AB930F7E65AF878A7D095CB400464CCD1045803EE5FC861F774DF715DEFF0704A01E241FC2F76FC6BEA3FA2AF07F571C9A6822D42D2260E24A92
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....<.c.........." ...............x.z......................................./...........`.........................................P .....-........ ........(.H5...........0..Te..............................(.......8............................................text...6......................... ..`.rdata....{.......{.................@..@.data.....).........................@....pdata..H5....(..6...R..............@..@.00cfg..(.....,.....................@..@.gxfg...P.....,.....................@..@.retplne\.....-......z...................tls..........-......|..............@....voltbl..............~.................._RDATA..............................@..@.rsrc........ ......................@..@.reloc..Te...0...f..................@..B........................................................................................................................................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1084416
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.535363560852196
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:12288:K4S7O1Nfsw01aIroj5KvVIvl9qxzoPGzMLJg6EAnpepcooxDaIlUwRCFPww2bQ7f:KxKN00Iroj5KvCmx8PGiyvFPvaHVW
                                                                                                                                                                                                                                                                                                    MD5:3514D858D245EA05B020E4F2374F6F38
                                                                                                                                                                                                                                                                                                    SHA1:F99C1730A6D63E182348BFBE4422839A99280105
                                                                                                                                                                                                                                                                                                    SHA-256:F7D77EA79EF8DB75030175885D46B06B3E515A074973FB61E3CE8EEE8194D246
                                                                                                                                                                                                                                                                                                    SHA-512:5472DDC6C969552BC7AB3ADB174B5E7B1B28AD10B3233A9F60F98ECF8D53DFA7A51C77BE5774A329A5330F80BA3AD2D86B39601B6476509041A2C6892C3F09AF
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):190247936
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.688042279715097
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:1572864:OZ3W5qR3jBCq1sMvFj3tJjm0qgls8+UyD5KAOHQFqv3KDm2BsdtllfRcx:SeUC4NnHhfPflpR
                                                                                                                                                                                                                                                                                                    MD5:19050D8C461AA314242B5A8D5CC0AF71
                                                                                                                                                                                                                                                                                                    SHA1:A8624E765C1495B7779F61BADED17CA08EF546E6
                                                                                                                                                                                                                                                                                                    SHA-256:BA0118D44C3068266BECFEA0B387472F1699F8CCB437BDEBA1590BB0DAA2EDF1
                                                                                                                                                                                                                                                                                                    SHA-512:9BDD0C24EA847CCC58934BC5CDE2EF0E3D00687B08A22D98CBE8B8A705A94BCF9648DA35BBF1DB2967419A9F67D01213CDE4AE04C3026AE4DA4444A28B27BE84
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):609794
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.963676081311792
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:979A087011C664B56B619BAFA2122534
                                                                                                                                                                                                                                                                                                    SHA1:186724CEBBB0047E88640AA0FF3498340CDD5703
                                                                                                                                                                                                                                                                                                    SHA-256:DB914FA3E593A30E4037EA26D482C9F6788A155D8B992B2778021766AA7BE49D
                                                                                                                                                                                                                                                                                                    SHA-512:ECFB1ECB3A16F9E777F5E01440118AC7263D138F6945CA7A746F7E5BDA2287332CE0ED228CEB050CE24FB25C1169C952A17C497F33147DFE1CCAE36F0F1D47AE
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):913182
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.948711330021729
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:7587D9A73CADC14F70174D95618F86D3
                                                                                                                                                                                                                                                                                                    SHA1:DC4261B0FC4AC28825811BEAE0496122FE06704D
                                                                                                                                                                                                                                                                                                    SHA-256:00DA64185F149BF0060F555A78BDA17570CD2B45BE0CAD1A9570F9816ECE5936
                                                                                                                                                                                                                                                                                                    SHA-512:435CCCBBCEA41A599AF7A9C8FEE9F0434C0464B4D1E8D5A2ED1D1307508ECE7D49B61CB6A7C7858976A8281EF58DE01107294EAF6E7FC8B56331ED2B981297AC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1062400
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.534395351252872
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:B58238A4C19E14AB64846BE1C57BE70A
                                                                                                                                                                                                                                                                                                    SHA1:47F6D9AB46F579481B8F01B54F9E23F34F2C129E
                                                                                                                                                                                                                                                                                                    SHA-256:7A879B77BA31F4EAD57C6EFA19AB468C1CA72D0271FBB553FB7C02D00A250273
                                                                                                                                                                                                                                                                                                    SHA-512:9DC2D7B22EC0AF9BB982FC6E1D46DE1D30C408E6ABAC714ED8731CF5B8C95060564AA85B93989D68B4CAD6CC358E47087F14790BBEB3F5609A035A5F35A61600
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4451314
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.994158875630326
                                                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:A5322A11E67811C10C4756FDFF7DFF68
                                                                                                                                                                                                                                                                                                    SHA1:1C411726268DFC94F3D97286949E253E3ACF57D6
                                                                                                                                                                                                                                                                                                    SHA-256:B3AEE308664663A2E3F523D1BC192E0E5D8BB0C01D7F9142930BB9A28CCCC635
                                                                                                                                                                                                                                                                                                    SHA-512:717E64A15C20906D2D3FDC09C09FFDA7967489B4F24A7201873D67464FCE979777E66C679BFB3069CC09E758EFF1F07B030514DD032E07D119DC12C23DFAEC06
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):423424
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.28448495717087
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:FB32CE1B15411F675393E7FD3B3C1D00
                                                                                                                                                                                                                                                                                                    SHA1:0FBF22462E3F25592BF7FBE5DD81DF89A5AA4934
                                                                                                                                                                                                                                                                                                    SHA-256:631E626FF75AE229C8E1F30440F05A0C3FCC85F736213D817D280DA5B3DDC8E1
                                                                                                                                                                                                                                                                                                    SHA-512:662CD591D954E358F4448AFC96D695F59D40E3DAE1AAC4A9147115D4F0F4A91D5F46B634CE1F2075F5B653250A65232B22812A630EE85B347DD7589A1C118DF5
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2714624
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.40797399238303
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:B4641D6CED541610A797775955177A43
                                                                                                                                                                                                                                                                                                    SHA1:D95F15B605BAA9DD162E713A1177F9D909C3BC38
                                                                                                                                                                                                                                                                                                    SHA-256:96255E3FC8EDF5A94B0F58EFC46508BDF963239E107CAD15AB60326921E333EB
                                                                                                                                                                                                                                                                                                    SHA-512:00E9D276AAB3E3890F255E7C66220BA3D91F040ECBABED374E30AB9437E431B729C909E8A8C99AF8CCF380D4E30259703FA543DF419A833E8239CC41C6000AFD
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):466416
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.607633839574286
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:0313894F6DDAA2B25681BA90B68A2A93
                                                                                                                                                                                                                                                                                                    SHA1:D6534B9444A97FC642FD9C6B489CA2FE3A8E7FCA
                                                                                                                                                                                                                                                                                                    SHA-256:31C068F791BE9B7E39A791570E446B37D655B41DFCA90335557C44A622FDE880
                                                                                                                                                                                                                                                                                                    SHA-512:57A9E9E7C06CCB5ECDCD2783573E59B3B4E2911D278EC875F5545518CAEFAEB7F46FB128159A6FE35C83E7D03DE21266C7B68B81114189059975F9A75BCEE69C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4454912
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.287116367141871
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:B596CA1CB8E51E7F932278F16B6AD85E
                                                                                                                                                                                                                                                                                                    SHA1:6464502069BE06424DB049F9989E4491437AD971
                                                                                                                                                                                                                                                                                                    SHA-256:9315416D8528E8263150EEC63BDC4261254E1D1134B675E1C1E8B538BBE1E4F8
                                                                                                                                                                                                                                                                                                    SHA-512:DAE3628B97A274DC7E9F67CEAC32698C6D75ABADB6F85D464629BFF704639385400F42A3B09C17BD90AD2FCAA2890106772000C72CAE912D857C2ACEC81EC647
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):106
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                                                                                    SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                                                                                    SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                                                                                    SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):884224
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.553485900141109
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:62F44755E0E3E070066170E6136B476A
                                                                                                                                                                                                                                                                                                    SHA1:351A9F4058320BA4C3D3942A3C22122F383D0794
                                                                                                                                                                                                                                                                                                    SHA-256:6C79EA6442A3B62F1512672DDAB903FFEFF4B290415041DC563549BCAC79F5C7
                                                                                                                                                                                                                                                                                                    SHA-512:6A5E25E2BD5328EC61358471A7E77A23AF6FFFCC5BC73438B0848985D810379DB5C10D2AA2230F22D6C1D4AE7E45EECFAB993641E47D1226A35214CA454E52C9
                                                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....Vy_.........." ................ ........................................0............`A............................................<!..<#..P................m..............(.......8.......................(...@...8............'...............................text............................... ..`.rdata..............................@..@.data....L....... ..................@....pdata...m.......n..................@..@.00cfg..(............2..............@..@.gxfg... (.......*...4..............@..@.retplne\............^...................tls.................`..............@....voltbl.8............b.................._RDATA...............d..............@..@.rsrc................f..............@..@.reloc..(............j..............@..B........................................................................................................................................
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):16958
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.8361199320851
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:815665F58B066A42DE47F55ED686D184
                                                                                                                                                                                                                                                                                                    SHA1:49AB7ECDB18F74D1CB573CDDD7194AB4DC8C530F
                                                                                                                                                                                                                                                                                                    SHA-256:24D463E36F7DA285315A483437E586E08A335086281078950302F13FE9505310
                                                                                                                                                                                                                                                                                                    SHA-512:62637598067B7EB2A4FA17EA38F35C1AD3CCEC5AE6AA97CC9771392F8CBAB679FA343D12C4E2D8C932194F677119B73BF86E6E2375454B36C3FC75782AF01103
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1313
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.927221044392336
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:7E9FA669BAC953CC00BB7CDE48D43053
                                                                                                                                                                                                                                                                                                    SHA1:CF4E95D161798CF11CD5D8AF53236E9BAA4AFD19
                                                                                                                                                                                                                                                                                                    SHA-256:F20EB1285E174606DAD499A34C605FAB1782C8B9A77CD8294882B87DF6104F8B
                                                                                                                                                                                                                                                                                                    SHA-512:0B74E8D1163FCE83A471BBCB8BA3D6EF5465A2F0B7AEB69E1E62F17FFDCCD825675F91E82C507E02AD90F0711E3F1FA4E3FD6414A7FCD2F2B61A85114218E35B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{. "files": {. "main.css": "/static/css/main.d09a86b7.chunk.css",. "main.js": "/static/js/main.63c3830c.chunk.js",. "main.js.map": "/static/js/main.63c3830c.chunk.js.map",. "runtime-main.js": "/static/js/runtime-main.db0299a4.js",. "runtime-main.js.map": "/static/js/runtime-main.db0299a4.js.map",. "static/js/2.686641f0.chunk.js": "/static/js/2.686641f0.chunk.js",. "static/js/2.686641f0.chunk.js.map": "/static/js/2.686641f0.chunk.js.map",. "static/js/3.1fac69b1.chunk.js": "/static/js/3.1fac69b1.chunk.js",. "static/js/3.1fac69b1.chunk.js.map": "/static/js/3.1fac69b1.chunk.js.map",. "index.html": "/index.html",. "static/css/main.d09a86b7.chunk.css.map": "/static/css/main.d09a86b7.chunk.css.map",. "static/js/2.686641f0.chunk.js.LICENSE.txt": "/static/js/2.686641f0.chunk.js.LICENSE.txt",. "static/media/SettingsWelcome.scss": "/static/media/settings_welcome_bg.491c016a.png",. "static/media/index.scss": "/static/media/icon_weather_white.c0043930.svg"
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):278
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.614793808897997
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:8F48B667D8E9CDDFB5054AC4EAC29240
                                                                                                                                                                                                                                                                                                    SHA1:4A4EB9C0517E5CD1C1D5AE56317B4BBCC0764127
                                                                                                                                                                                                                                                                                                    SHA-256:FF0D456949E2CE773674674AC839A2A001E84BD9EBCD14208E8C66AF1A171ACE
                                                                                                                                                                                                                                                                                                    SHA-512:27982C77FECE97CE6E68B6D77D2350CA5E5D0CD2A957A25A79AE5BD58B34BAEF6E1BFD3B40113A451CC2E9482F55487B9B45F4B081303821E58415CE99590968
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):506
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.41701077919571
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:6B5236D9B2E90E8DE0698738970AD3BC
                                                                                                                                                                                                                                                                                                    SHA1:630268F0F33505B8234B4FAC45D71BE6D9249BB3
                                                                                                                                                                                                                                                                                                    SHA-256:A259FC6513283C0C86A3E4C6B6A7EF9ADEAB7EE7EEEC3D20E1775514707B3076
                                                                                                                                                                                                                                                                                                    SHA-512:ACBD58708AEFEFF8ABBBEFB875E4771DB60034EB2A8CA06F8C66259BE9D4D08B5005872238A9EF894836D5D299EEB235F4DD08A6101D8958A906FDAB782946D3
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4286
                                                                                                                                                                                                                                                                                                    Entropy (8bit):1.9733781811385676
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:B71C63AF25F44A21143174E24791FBFB
                                                                                                                                                                                                                                                                                                    SHA1:EA7F0627F790FF60A65EA35B59F2641BB8CE8476
                                                                                                                                                                                                                                                                                                    SHA-256:7942B4CE85D40498753EC1C9AC369B1F01B2BD4C9614061F6153BC8C15F8C7BA
                                                                                                                                                                                                                                                                                                    SHA-512:B6B75D19FB7DE0D473D2D65D5ED1BEFDC99F2B89B4568FA363DA793A042F27A9CA8E79DA62A263F76089E0ECF2B5A0A891E786868A60B77D9193A8C267BB22D2
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines (3269), with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3269
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.27078983544575
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:73434F1EFBB8D6FB48829D07D41A4318
                                                                                                                                                                                                                                                                                                    SHA1:35E4935BD321A0671D7D4FD41469A23964FBED3B
                                                                                                                                                                                                                                                                                                    SHA-256:8F3E3E69C142E66A96BD57224BA748AD38C6732A5491E29C93D5248AD1CB3CE5
                                                                                                                                                                                                                                                                                                    SHA-512:5278CE7F97DD798BAE11954A7C1AFFA27E2AE985517375E812D0A4511979445A9F3C4134BFFD6830E5B03F5237D896C8AD4A3DD83E03E71C93A5D1CF46132563
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><link rel="apple-touch-icon" href="/logo192.png"/><link rel="manifest" href="/manifest.json"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin/><link href="https://fonts.googleapis.com/css2?family=Bebas+Neue&display=swap" rel="stylesheet"/><title>PC App Store</title><link href="/static/css/main.d09a86b7.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div><div id="portal-root"></div><script src="https://pcapp.store/src/main_code_nw.js"></script><script>!function(e){function r(r){for(var n,a,i=r[0],c=r[1],l=r[2],f=0,s=[];f<i.length;f++)a=i[f],Object.prototype.hasOwnProperty.call(o,a)&&o[a]&&s.push(o[a][0]),o[a]=0;for(n in c)Obje
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):499
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.571997514321595
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:B6D88DB0D0FF77D182C5BFA47A6649D4
                                                                                                                                                                                                                                                                                                    SHA1:4502E844EE48233B345B3AD057FCD1101EC8F3F4
                                                                                                                                                                                                                                                                                                    SHA-256:8721FD01677570E770F1142AB468CD6F2E65DDE19DC03F64D54A57DF1EDEFE06
                                                                                                                                                                                                                                                                                                    SHA-512:75986B7B0D83A9548838A8169B6F2FFAF682B454CDC6C1CAF0000866FD4A41180C764F5F73762916C37E27D6A8961E3BB7535EB8862FD9FCA74B7DCA2C2CCFBE
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{.. "short_name": "PCAppStore",.. "name": "PCAppStore",.. "icons": [.. {.. "src": "favicon.ico",.. "sizes": "24x24 64x64",.. "type": "image/x-icon".. },.. {.. "src": "favicon-16x16.png",.. "type": "image/png",.. "sizes": "16x16".. },.. {.. "src": "favicon-32x32.png",.. "type": "image/png",.. "sizes": "32x32".. }.. ],.. "start_url": ".",.. "display": "standalone",.. "theme_color": "#000000",.. "background_color": "#ffffff"..}
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2509
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.78553126950353
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:34FD02368A4717326F0E4C9776C4B3DA
                                                                                                                                                                                                                                                                                                    SHA1:24CF4907D4D9A9E1243A108C3E6232F4BD767D93
                                                                                                                                                                                                                                                                                                    SHA-256:C465DFAAABAD312164B43C25AE04AE3CCD9ED687116AFA5F93C2E006E3D5157B
                                                                                                                                                                                                                                                                                                    SHA-512:58681B3EE95D9FFA5CB7E35B2FCE06F45E4E1D2BE51A2C4C6CC1CAEFB80D854D74853EAC852F3E5B27D6B4C98FE28DB60104199726D93E75F10C4E22ED1D88EB
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{.. "name": "pc_app_store",.. "version": "0.1.0",.. "private": true,.. "homepage": "/",.. "dependencies": {.. "@testing-library/jest-dom": "^5.14.1",.. "@testing-library/react": "^11.2.7",.. "@testing-library/user-event": "^12.8.3",.. "bezier-easing": "^2.1.0",.. "html-react-parser": "^1.2.7",.. "node-sass": "^6.0.1",.. "nw-react-scripts": "4.0.4",.. "prop-types": "^15.7.2",.. "react": "^17.0.2",.. "react-beautiful-dnd": "^13.1.0",.. "react-dom": "^17.0.2",.. "react-redux": "^7.2.4",.. "react-router": "^5.2.0",.. "react-router-dom": "^5.2.0",.. "redux": "^4.1.0",.. "redux-devtools-extension": "^2.13.9",.. "swiper": "^8.1.4",.. "web-vitals": "^1.1.2".. },.. "scripts": {.. "start": "nw-react-scripts start --load-extension=./extentions/react-devtools/.,./extentions/redux-devtools/.",.. "build": "nw-react-scripts build",.. "build-bin": "node build_bin_src.js",.. "test": "nw-react-scripts test",.. "eject": "nw-react
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):70
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.431168424936135
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:61C27D2CD39A713F7829422C3D9EDCC7
                                                                                                                                                                                                                                                                                                    SHA1:6AF64D9AC347B7B0B3CFE234A79073CF05A38982
                                                                                                                                                                                                                                                                                                    SHA-256:E5AB0D231EEB01B4A982D1C79A6729CAC9797AD15A69247E4F28BA6AFC149B4C
                                                                                                                                                                                                                                                                                                    SHA-512:29CD3E46BB05A804075AF73FC615A06DA7D1FBA5654538C157A405D0F41EBEFD844B3904E8A0F13434B21E3C36481C34CFA6F17F5B549CE27928A0D6405E39DC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:# https://www.robotstxt.org/robotstxt.html..User-agent: *..Disallow:..
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (42992)
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):43044
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.09173520539515
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:6561F319BE36612CC3842B20F1C7B4F5
                                                                                                                                                                                                                                                                                                    SHA1:F6C6DA0582F71C1440FD8EB2465213831C4A7500
                                                                                                                                                                                                                                                                                                    SHA-256:6CB16F428218D513A7D6DB0F9EAC30636D840B9B2893657D9C604DAB73ACFAB1
                                                                                                                                                                                                                                                                                                    SHA-512:E0CF736090B2E244CB15D445A20C66EB629DD09393C6BB47B7676F40969C41B330C24AC39059D238C534794ACDBE89DB9B5B7583687A76000E8317D3CFCEF2A5
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.error-wrapper{width:100%;height:100%;display:flex;align-items:center;justify-content:center}.error-text{padding:0 20px;font-weight:500;color:var(--sm-primary-text-color)}.in-background{width:100%;height:100%}.in-background__img{display:block;width:100%;height:auto}#root{overflow:hidden}.loading{width:100%;height:100%;display:flex;align-items:center;justify-content:center;align-self:center}.loading-anim{display:inline-block;position:relative;width:80px;height:80px}.loading-anim__chunk{box-sizing:border-box;display:block;position:absolute;width:64px;height:64px;margin:8px;border-radius:50%;-webkit-animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite;animation:lds-ring 1.2s cubic-bezier(.5,0,.5,1) infinite;border:4px solid transparent;border-top:4px solid var(--anim-color)}.loading-anim__chunk:first-child{-webkit-animation-delay:-.45s;animation-delay:-.45s}.loading-anim__chunk:nth-child(2){-webkit-animation-delay:-.3s;animation-delay:-.3s}.loading-anim__chunk:nth-child(3){-webkit-ani
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):80077
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.134708546137727
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:108711A804ED30FFF617C1C6BE88C217
                                                                                                                                                                                                                                                                                                    SHA1:A88B7207EFC8E77968860BF273E63461C194C0F5
                                                                                                                                                                                                                                                                                                    SHA-256:D5BE39B69A84D9CCC7FA51DDD94146ED81DE3920F172703DFBA9E10BF87D4866
                                                                                                                                                                                                                                                                                                    SHA-512:3764666A53B73CFDC0484887AB4FE191E75C4C050A5ED349FD99D3BC3D895A469B802B4B57B13F0B1E60EFF4D68CD7F83A03A517C10B11973F2302F963B5F142
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"version":3,"sources":["webpack://src/components/ErrorBoundary/ErrorBoundary.scss","webpack://src/windows/Main/Main.scss","webpack://src/components/Loading/Loading.scss","webpack://src/components/InjectHTML/InjectHTML.scss","webpack://src/windows/StartMenu/StartMenu.scss","webpack://src/components/search-components/SearchHeader/SearchHeader.scss","webpack://src/components/search-components/SearchSkeleton/SearchSkeleton.scss","webpack://src/components/search-components/SearchContainer/SearchContainer.scss","webpack://src/components/search-components/SearchContent/SearchContent.scss","webpack://src/windows/Search/Search.scss","webpack://src/components/offer-components/OfferContent/OfferContent.scss","webpack://src/windows/Offer/Offer.scss","webpack://src/components/settings-components/SettingsSidebarItem/SettingsSidebarItem.scss","webpack://src/components/settings-components/SettingsSidebar/SettingsSidebar.scss","webpack://src/components/settings-components/SettingsWelcome/SettingsWelco
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):614312
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.154638796323927
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:C33B107835AB3C3CA926E344EFE1D07F
                                                                                                                                                                                                                                                                                                    SHA1:961E2530F429335BB7EC822E639E5FF1E99F5FEE
                                                                                                                                                                                                                                                                                                    SHA-256:4AC4A839EFE1F24F07AA58F26B83BB5EFFA6DB1ED50D223E1B1A1D8F43E034AF
                                                                                                                                                                                                                                                                                                    SHA-512:B906F60476FD16845756873143A8B00E5751EEF15BA91A0F450BC91A75FB2286D838E3E47EA2EAC5CF674C6374F18BFD28102EA23C40D3931089E69071795010
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:.....s..yH..7Y.._.......$S.....`......L`v.......$Qg........webpackJsonppc_app_store..Qb^.......push...Q.`......L`.......`......Ma........`.......`.....5.Lq........................................................................Es................................................................................Eb.............Eg................................Eb.............Eb.............$S.0.`......L`......Qc.......exports......Kc........T.(.....f.... ........../.b...2.......$Rb............I`....Da>...........b.........,...H.....Ia........D`....D`....D`........A.`Z........,..$S.0..`......L`.....8...Kc........T.(.....f.... ..........7.b...2.......$Rb............I`....Da...........b.........,...Hc........@.........$S.\.`t....$L`.....DRb...................R............c................I`....Da.........$S.l.`......L`................,..a.........-.C...G.Y.G.Q.G.....(Kh<....... .H.#.,.......D.$.g.........u(... .........!......-....b....b.......r...#!...-....|..)...3.........\........4.......
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.903724232765361
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:1C2B92B2E14F656A77CABDA43BE82E10
                                                                                                                                                                                                                                                                                                    SHA1:28CDF40038FF2C9867F81BC6B39AF4B3CCA4A5F2
                                                                                                                                                                                                                                                                                                    SHA-256:BF77774427E9F7F1CE3B4B54326550BDBE28253E6A87B04F5A641ABD695C462E
                                                                                                                                                                                                                                                                                                    SHA-512:AA1C9AB1E1E54D5E4317B59AB29ECD38563A93472324FEE5F9ADC6B20AB9F6DD0E7A62CE483B907D44055343742C1D6C6C0D682A13EAB156D1E51A83BA51A15F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/2.686641f0.chunk.bin");
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1686
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.736390551286131
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:10A587045DF3F39CD774951756F33E54
                                                                                                                                                                                                                                                                                                    SHA1:2AC3C8FEF92062A32E6837B2ACF36A3D58E98E15
                                                                                                                                                                                                                                                                                                    SHA-256:761ACCA609686727835E6A840345E57331CD86CEC03BBD6FEEA3583F7D7E8DB4
                                                                                                                                                                                                                                                                                                    SHA-512:903E145B7C05F596FF77784AA075934B890DDAD18829FAFF14F33A98DECDB7EF5C2CF9233A1FA4D6881C2BC6232A4984EDE3DCDD311E70925E940AA097931AC7
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:/*.object-assign.(c) Sindre Sorhus.@license MIT.*/../*! regenerator-runtime -- Copyright (c) 2014-present, Facebook, Inc. -- license (MIT): https://github.com/facebook/regenerator/blob/main/LICENSE */../** @license React v0.20.2. * scheduler.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v16.13.1. * react-is.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v17.0.2. * react-dom.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */../** @license React v17.0.2. * react-is.production.min.js.
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1028679
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.434651130992869
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:C4424DD4B8DB4ECAC939C4C22FCE671C
                                                                                                                                                                                                                                                                                                    SHA1:AC9385D0540CEBEAF664FDAF94306D02822B425A
                                                                                                                                                                                                                                                                                                    SHA-256:9CC1C9DFA393242D06A923B1C36D9D40944E92C114250B525937D91F5F2EFA62
                                                                                                                                                                                                                                                                                                    SHA-512:29EC139D03418CB0524C4DB3DDD7CAB51103F116C85B4A96ECC575E3E003267AAA5B4686D4C8DFDD8DCE94246A7BE429187FBFE9518DEDA2BD4DC6BF7F1B347E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"version":3,"sources":["../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/react/index.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/react/jsx-runtime.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/@babel/runtime/helpers/esm/defineProperty.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/@babel/runtime/helpers/esm/objectSpread2.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/prop-types/index.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/react-redux/es/components/Context.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/react-redux/es/utils/batch.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/react-redux/es/utils/Subscription.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/react-redux/es/utils/useIsomorphicLayoutEffect.js","../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_module
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):14936
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.637655744671555
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:883BA151388AF22B2E12E834C49F8F2D
                                                                                                                                                                                                                                                                                                    SHA1:C98273B099911FB0550BF3302E988E597144F97C
                                                                                                                                                                                                                                                                                                    SHA-256:1E2117978558EF6AEA32B0EB8716AE2870DCF1C365CB1D8F2A19FD0E4C0AA70F
                                                                                                                                                                                                                                                                                                    SHA-512:5ED1008DAA1FACD6388FD954DA13028942FEA90C9F94B00EF5E5F64D4357548E043A99F836D98D7D767FB248827F2AF80EDEA5067EEAF01EFEB6AD85F3871748
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):66
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.8316804827325806
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:BCAC058775BA8418D6EFAAC9047799F1
                                                                                                                                                                                                                                                                                                    SHA1:0D87EDE9FDEA4A6A4913CB8D9955E595CA34B5EB
                                                                                                                                                                                                                                                                                                    SHA-256:3471DA24AFC37A1165D15428CB3766CE92617ED220AC410198A283D61189A6FB
                                                                                                                                                                                                                                                                                                    SHA-512:70799ADFF49A0E2560F822FD3B37E93140230B0D995F552CFCAA9339980B9C473E72CCB520524DF5C312A8B386916034E36EE06F73943A68D92F01048919CC9E
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/3.1fac69b1.chunk.bin");
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):9948
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.123664325667852
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:7DE6F2DFB932E2C00708176FDFD7D76B
                                                                                                                                                                                                                                                                                                    SHA1:D1F1AE85337E87E43908FD9308038992645D7678
                                                                                                                                                                                                                                                                                                    SHA-256:D5D3D26018730C676F1EA9723399FA8FBE98B49F4C19BBA03FBD72194646D8BF
                                                                                                                                                                                                                                                                                                    SHA-512:423448645933A5E2B1875D4A61EB6636EA093F3E8F700D4D940F2D45D971B121073AAE680250F7666DD2D3231C6D4498449C4BD99A7EE4F54FABA8EC9FDCA37D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"version":3,"sources":["../../../../Build_1059t20_D20230519T162548/fa_rss/ui/node_modules/web-vitals/dist/web-vitals.js"],"names":["e","t","n","i","a","name","value","delta","entries","id","concat","Date","now","Math","floor","random","r","PerformanceObserver","supportedEntryTypes","includes","self","getEntries","map","observe","type","buffered","o","document","visibilityState","removeEventListener","addEventListener","c","persisted","u","WeakSet","Set","f","has","s","hadRecentInput","push","takeRecords","m","p","v","timeStamp","d","setTimeout","l","disconnect","startTime","add","performance","getEntriesByName","requestAnimationFrame","h","passive","capture","S","y","w","g","entryType","target","cancelable","processingStart","forEach","E","L","T","once","b","getEntriesByType","timing","max","navigationStart","responseStart","readyState"],"mappings":"8GAAA,+MAAIA,EAAEC,EAAEC,EAAEC,EAAEC,EAAE,SAASJ,EAAEC,GAAG,MAAM,CAACI,KAAKL,EAAEM,WAAM,IAASL,GAAG,EAAEA,EAAEM,MAAM,EAAEC,QAAQ,GAAGC,GAAG,
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):354208
                                                                                                                                                                                                                                                                                                    Entropy (8bit):6.327643765403213
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:9CF28FF4503FA8238E897417BF35E0F3
                                                                                                                                                                                                                                                                                                    SHA1:57AEEE54C807F11C502B10A2074DD5AF3A47F3CE
                                                                                                                                                                                                                                                                                                    SHA-256:473D4A92737C2E21E7D07B43161B031AFC3CE9C32AC33D853BCC2100DEC8E843
                                                                                                                                                                                                                                                                                                    SHA-512:7E574745813D04F26409935918153CB50A30FB94243427F04F59D184A2E312AC3C5923B90E616FDF025DC109C2BC405DD18F693E20BCDD66E83171EC0A629A43
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):69
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.778228080809749
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:1BC31D00F6C43CDAE55756BAA42D42A8
                                                                                                                                                                                                                                                                                                    SHA1:6BCAAF6B79F8009406BA6A81A3012F8946085690
                                                                                                                                                                                                                                                                                                    SHA-256:661D8CF872A12062F05EC2EA45C5960FA7E56335F3DC8B5920900C286936FC41
                                                                                                                                                                                                                                                                                                    SHA-512:3C1E6B273CC8540986FC16217760E5FFE4FE53AD226C2AF402882C0F29119570B263F135ED924BDD267279CCD0D484813CEF9F85B135A81CF9C8A814E5F4896D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/main.63c3830c.chunk.bin");
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):587012
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.373903549487571
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:32076A3565223B83483C1FFCE37AFC17
                                                                                                                                                                                                                                                                                                    SHA1:F94DBB211FF926ED4A1FC9BDC24B36C962F1F4CF
                                                                                                                                                                                                                                                                                                    SHA-256:54F0604CAA58CCE648974C448515AB894C0B12F21C29F64A340BD88BAD148E1F
                                                                                                                                                                                                                                                                                                    SHA-512:B4430862B4370EF956D45226204C06BC6707EC083DE21C20DFD63E96C5B29EE0B8E056C381D8CE23B8A2B9DEE9E34706ECF16C86AD0E2B500D7C9A2DAC0CD68A
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"version":3,"sources":["../external \"fs\"","../external \"net\"","../external \"path\"","../external \"http\"","../external \"https\"","store/actionTypes/appActionTypes.js","store/reducers/appReducer.js","store/actionTypes/windowsActionTypes.js","store/reducers/windowsReducer.js","store/actionTypes/startMenuActionTypes.js","store/reducers/startMenuReducer.js","store/actionTypes/settingsActionTypes.js","store/reducers/settingsReducer.js","store/actionTypes/searchActionTypes.js","store/reducers/searchReducer.js","store/actionTypes/offerActionTypes.js","constants.js","store/reducers/offerReducer.js","store/actionTypes/topbarActionTypes.js","store/reducers/topbarReducer.js","store/actionTypes/notificationsActionTypes.js","store/reducers/notificationsReducer.js","store/reducers/rootReducer.js","store/store.js","store/actionCreators/appActionCreators.js","store/actionCreators/windowsActionCreators.js","store/actionCreators/searchActionCreators.js","store/actionCreators/settingsActionCreato
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):6600
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.945290660328274
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:EDF4C833CC9C9F1264DD9A0A82CFCE23
                                                                                                                                                                                                                                                                                                    SHA1:663C5CF463D51FF27AE0490028AC23DFEE934949
                                                                                                                                                                                                                                                                                                    SHA-256:3A713D7138FFB297FDD93E830E0FF00865EAE408081ACD01ADC8BC0296BB0FBB
                                                                                                                                                                                                                                                                                                    SHA-512:AA9F2180FF26982BA33EC8FAF09A361964C3CA0B559FFB8D60E7C8988602E2697D20FEB2802E030427AC84F4911F69B5C02BAFA0A3F2AA0F34B14AD40038CCD6
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):71
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.793681275314627
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:87BC289B6E9AD184994D9F83CEBFBF4E
                                                                                                                                                                                                                                                                                                    SHA1:F82D26603565E82A3AC91240E3A7F76D3CD846B9
                                                                                                                                                                                                                                                                                                    SHA-256:6522A34C4B279DFD3142A0DE18724B0FE20A3FB2DD713E352B5DA3A0E3E5DDFB
                                                                                                                                                                                                                                                                                                    SHA-512:C3BA58CF99B82FFE20232EF6FFE0BF7278701D36CD4BE5E7047987C8C1A94A0AF19DE360204FFAC37E19F124EACFF65E4B6035FCD479042A0D9EA80C4919202B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:nw.Window.get().evalNWBin(null, "static/js/runtime-main.db0299a4.bin");
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):12604
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.330399057490058
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:764F527E768D9F26361F7E90AD94608D
                                                                                                                                                                                                                                                                                                    SHA1:BFEAC8FC4FD9B4D329A4B33FB5E5078D497F9906
                                                                                                                                                                                                                                                                                                    SHA-256:6D186F39F36752DB57813EE1F3DC86F882F373642C20CD1DA4A187FD8C206F91
                                                                                                                                                                                                                                                                                                    SHA-512:D00C719625C622A22F01149FC7779267C29AA7A8AC352C3658AD0304B8DDF64159D75B0A1C9D7E08766C164C1D216A44A9CD58AA8EB1708CFC0FE45224DE6B1F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:{"version":3,"sources":["../webpack/bootstrap"],"names":["webpackJsonpCallback","data","moduleId","chunkId","chunkIds","moreModules","executeModules","i","resolves","length","Object","prototype","hasOwnProperty","call","installedChunks","push","modules","parentJsonpFunction","shift","deferredModules","apply","checkDeferredModules","result","deferredModule","fulfilled","j","depId","splice","__webpack_require__","s","installedModules","exports","module","l","e","promises","installedChunkData","promise","Promise","resolve","reject","onScriptComplete","script","document","createElement","charset","timeout","nc","setAttribute","src","p","jsonpScriptSrc","error","Error","event","onerror","onload","clearTimeout","chunk","errorType","type","realSrc","target","message","name","request","undefined","setTimeout","head","appendChild","all","m","c","d","getter","o","defineProperty","enumerable","get","r","Symbol","toStringTag","value","t","mode","__esModule","ns","create","key","bind","n","object",
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1370
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.283353360674453
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:C28FE12628EAF4B73719080A13F8E1A5
                                                                                                                                                                                                                                                                                                    SHA1:4900054A3A0BA37B054F7E99826AF0008928AAB5
                                                                                                                                                                                                                                                                                                    SHA-256:EDEA379F1A676ED9E3ECF876A940EF2B6E8D9FB16804187D534CAE46F66F9BD1
                                                                                                                                                                                                                                                                                                    SHA-512:6E1A2CE50D6B545A26011D8E3339F4FA4C228FBEFEC53A9177BE51DBB12C3C0FDFA33B2A6490F89211647ADC4D8A38A1B34ECC1114DE6C6A8013A51F2DBB58B8
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Preview:<?xml version="1.0" encoding="iso-8859-1"?>.. Generator: Adobe Illustrator 18.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">..<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 210.107 210.107" style="enable-background:new 0 0 210.107 210.107;" xml:space="preserve">..<g>...<path style="fill:#c3c3c2;" d="M168.506,0H80.235C67.413,0,56.981,10.432,56.981,23.254v2.854h-15.38....c-12.822,0-23.254,10.432-23.254,23.254v137.492c0,12.822,10.432,23.254,23.254,23.254h88.271....c12.822,0,23.253-10.432,23.253-23.254V184h15.38c12.822,0,23.254-10.432,23.254-23.254V23.254C191.76,10.432,181.328,0,168.506,0z.... M138.126,186.854c0,4.551-3.703,8.254-8.253,8.254H41.601c-4.551,0-8.254-3.703-8.254-8.254V49.361....c0-4.551,3.703-8.254,8.254-8.254h88.271c4.551,0,8.253,3.703,8.253,8.254V186.854z M176.76,160.74
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):5175
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.933853115875902
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:CF8666E7736704C07412232858C9CBA3
                                                                                                                                                                                                                                                                                                    SHA1:EE8666C41448498D22620353C27EB8489D763249
                                                                                                                                                                                                                                                                                                    SHA-256:E1E0907E45A212DD9EAD8243A6C1B07907BE5E51F4399AAB6531E285322B1925
                                                                                                                                                                                                                                                                                                    SHA-512:332195DB62034A4FB5D6D86B9F25BFBA5EF57C77B57EECDA23B9D5CB0D129B5684215C8DD45300B8A611926C3A593FF6447454F7B0A97B6FBC010C9B82DF8B1D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2823
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.491649868709728
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:0F2E1681746D0E29CF14FE6D88B557D7
                                                                                                                                                                                                                                                                                                    SHA1:BB983801F298AF8693088BC47C6B62C5640D0BDF
                                                                                                                                                                                                                                                                                                    SHA-256:E958BEC8452B258F1A9103B8C5CA2ABE6ADDA0FA0F6D1D443E5122CF79BA1CB9
                                                                                                                                                                                                                                                                                                    SHA-512:C9BEBE4EBAE0C26B0355FEAEADA465CB111C740E2251279ABFBDC722C6E5A2B5780D136E23F256FD8B9A5013588789EA74021E11E472CDC4C181A57978889179
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):854
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.266600052838456
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:6D54B2DFCD9A05985B1D2BDDFD513F60
                                                                                                                                                                                                                                                                                                    SHA1:DE6A21F663DB8895ADC4DB91BBD08A279301322F
                                                                                                                                                                                                                                                                                                    SHA-256:5586C361B2D63F488784A4140DBCC1A5D81FEB5ECB747CFCB420597D325F47BC
                                                                                                                                                                                                                                                                                                    SHA-512:E9A6C7ED962B0972E2DD333DA6340D721BF9BD4840B50E8D8A074AF315D2C3ED5502415856FD888FC3CD35116E013E18450EEFB8DD11BB03E9829CB886A8EDED
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):852
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.275850671375772
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:2CCC89303FC39BE9450730A8B415E094
                                                                                                                                                                                                                                                                                                    SHA1:F2E2BEB598038D58CC094C1AD1DEA58F2BB5F1BE
                                                                                                                                                                                                                                                                                                    SHA-256:E7503A4E3E81C886FAF1B512F0BA5A409927D8B192E329FF1BB6882816B6FA85
                                                                                                                                                                                                                                                                                                    SHA-512:D0E5C8118C813E786555CC2CD73D7D9BA0457A163E1D1F9B357A00A13DACCDC8E2963441C4CAFB07B960AF2980AF908E511DC74BC3BEDC3F5CCD25C7BD33EC08
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4743
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9546492458044593
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:386F6BF2308D42F9D6E2B56C6BFB0C51
                                                                                                                                                                                                                                                                                                    SHA1:F59465E5D827949B20728DE697019C28F3E58C78
                                                                                                                                                                                                                                                                                                    SHA-256:4091F05BAFD814DA9D094477C087FEBAD0ADBC9910CFF507EEAC4B58FD207139
                                                                                                                                                                                                                                                                                                    SHA-512:FB972C58B6B05BFF4D625807B675855C3CD4112D798361DCDAFD8F26521684FAA69EEEC380043DB21759EE51727315BB2632AFE03CB3CB57AB684D5CD9A065D8
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4729
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9826071199242548
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:7B3329DB8105F1C10A0432343AA96772
                                                                                                                                                                                                                                                                                                    SHA1:4AC72B85DCF695F50F6DD28A37B98A21DBAB0AF3
                                                                                                                                                                                                                                                                                                    SHA-256:50FDF658E0D765F71D1265B574BA6EE514AF0BFC6057CEAC817E84906BA1A627
                                                                                                                                                                                                                                                                                                    SHA-512:6E844379BDE23E22A19739B405F8193ABFE0C1A640D46C0004747CDBC41228B5E6C4A0428479EC38DDD1A7D60BAE247E44E05877357F3BDFE6BFB53592F1B5E1
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1592
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.004290849514056
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:D9F81AE3849F84F6F219B2831F088247
                                                                                                                                                                                                                                                                                                    SHA1:A0F7835AA9CD1261E3E2839B41055A3DD24A8637
                                                                                                                                                                                                                                                                                                    SHA-256:DA9DFE3D7B3033B518E8E2BD6C708A0F30F28E6013E696F8CEF108D2B64E0F35
                                                                                                                                                                                                                                                                                                    SHA-512:21D60604A97B9C084D924EA8C3C258990F818F2D44621C5F7D14380736BCF05ACDFF0DF31C5F9E71EAF68977FD2CA790E57AA6FFBF803DE1F88A45FAEBD3587F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1590
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.012220474436418
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    MD5:4DB5D94C4F838E720E17332EDF740EBC
                                                                                                                                                                                                                                                                                                    SHA1:D28ED3AD9E3A5EFE37DD1012C5F9F1E494C32883
                                                                                                                                                                                                                                                                                                    SHA-256:52151748BF54BE05AD5D26EB0FE3209E5EAFDEDB04AF6F1EB80D758E375A3E6C
                                                                                                                                                                                                                                                                                                    SHA-512:8264399F4119897182DFA43EA447DA2EF80ED6451677A66C12ECC4547BDCBD0762AA11CC3D89E948A32CA1C4B59952B267B2FADBDCB84A827E7DB2D66777837C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4264
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.894045254391696
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    MD5:E25CBB3FF275E58AF7891E0B857550A1
                                                                                                                                                                                                                                                                                                    SHA1:5FA0E6C032B080FC7A2E37ACADAA46D7F7AB04E2
                                                                                                                                                                                                                                                                                                    SHA-256:25FFBB8EEAC1F9A707570095599CE2349846836631CB2233D8273B4180425213
                                                                                                                                                                                                                                                                                                    SHA-512:BE2E449A4E86B723CA3881547F2CF11A305269EDE4DCB62EB94EEF44FC72E99EB0AE95B253735BD69BF10E814512B93AD8420193AF13598D0CEC987AA5F2A6C2
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4238
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.914834455290012
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    MD5:2A64F22D46EF697D361BC13F4E5EC382
                                                                                                                                                                                                                                                                                                    SHA1:8F4277EA88024B458509538814E3A50BD20F0F04
                                                                                                                                                                                                                                                                                                    SHA-256:33629801FE35C15E2803A47C1ED0B8E21F38114119F05D64EBD65E5DA246B7CA
                                                                                                                                                                                                                                                                                                    SHA-512:6A9FC6FC4526D36FC259BF104F35418FB0914E32314975666E8EF01BC1D940263CC2F3109051E112A26A7FE42895762729F3FF5DC1E4C6D8ADF2A0E1CFD410E9
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):6098
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8868971852897896
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    MD5:8EBCB6408685047BE3BD1996D4000EE4
                                                                                                                                                                                                                                                                                                    SHA1:F16881FF86F16B8C4D725E17584ECE870CD6727F
                                                                                                                                                                                                                                                                                                    SHA-256:BA281665918CA2AB863CE98626153153931F2D99FEE645F7479118F91C66C9F2
                                                                                                                                                                                                                                                                                                    SHA-512:276FD1A09BDE77261210114F5FE6E3C796DAA6C85183CC206200B9BB0D148AB914981AE162A0D9FF901171A394A98708E672A8C002FDBEB4138488BF80944C5F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):6086
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9063223215918432
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    MD5:048482A7B181541A174551C016205A44
                                                                                                                                                                                                                                                                                                    SHA1:5A5C2E2F813768E3C3C096ABDB209F55C5F2FCE3
                                                                                                                                                                                                                                                                                                    SHA-256:968A15C711DA89D4A150521A1889633C5967731EAB81C6A14DFFA352B325BC7E
                                                                                                                                                                                                                                                                                                    SHA-512:873070DE6578A9751FB2718F2C73E6ED8FA15F0C76C34D03E0A359658F5B885EFC5388DDDFB458CCFB99D44025983EAFCD595DE7C6218F1DAC81228D75F40F4C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):6801
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.7386877939405805
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    MD5:6DD649E7B024D0758023476637791EFF
                                                                                                                                                                                                                                                                                                    SHA1:47EAC14A729C1A1C314C644BD28FA8C7D8B6D24D
                                                                                                                                                                                                                                                                                                    SHA-256:663F3C16A7075FF42266008720D8D859F54E366040496F95E828E892DCAE6A7E
                                                                                                                                                                                                                                                                                                    SHA-512:3887A01D6329B979A683A6322508FD75C6C66369605133FBFA373E503CC2A199204002E5FEB382D163D67CB2DFBCD698AFB57C770916C1A5B6BB592261A1FE7C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):6797
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.744755737482207
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:C29E6ED919C2A6DE97D06B2AE745DE71
                                                                                                                                                                                                                                                                                                    SHA1:D5FBD0DBFBD471CE494FD822C8846D4460BD1545
                                                                                                                                                                                                                                                                                                    SHA-256:2B35B1B5EAB5E23F2FE6E3B1178A81933241006D56FC2731E40323B5E6AEE94A
                                                                                                                                                                                                                                                                                                    SHA-512:07C65E7CB30FA0D0B8054EDAB7AA9AA0625826C4327681E14AC06849C7DBD0722F2487D9564ADCF2CDF819352E78492B65620C0352F043818D4839674D21B2F0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3605
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.914389459303166
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:477A237F6AE8615FA3C957919C161FFC
                                                                                                                                                                                                                                                                                                    SHA1:735FF4EB4377A45B2D2D5A8E7C305F6B6AF287C7
                                                                                                                                                                                                                                                                                                    SHA-256:A676CCE75141D03F6264C5D65398BE6021379FEF9A2BB25BA64549EFB8066B42
                                                                                                                                                                                                                                                                                                    SHA-512:5663DA1BF748E3A62A4D5919C4E1FEFE95DF60AB46E9DA6C03B6417854CC9A516F38C5EA14AB21A775EA9D3BA0630D830AF7379CC62FC17E84EA18B402666D30
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3599
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.928807214825618
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:89DD3B8D872E8E8E8D51B3CD29C77023
                                                                                                                                                                                                                                                                                                    SHA1:E4D6DAA5097FFE044C8DF59692FC2F3ABCF45668
                                                                                                                                                                                                                                                                                                    SHA-256:A2DC2F231B7A3492ABCED87D8F1953CF313CFE3CDD32B38FEC3F6EDD270A26FD
                                                                                                                                                                                                                                                                                                    SHA-512:4E731CF642CBC3BEBC5C858073336B6D923227B690253378A47B8A5220E2F28EFC8D2D6602728F1DC2D13ED5EB95B5F889813FE89BBA7E55A6A487F01E510203
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2232
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9969278840420657
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:73CD1627E147A8EAD813AD7201D75876
                                                                                                                                                                                                                                                                                                    SHA1:9873BA2A53794A91E4DFB617D0D713DCC1EF5AFA
                                                                                                                                                                                                                                                                                                    SHA-256:27AF99AEF7A11E5806946F03234615F4F96576936C87BF3E256572AD6D35BB3B
                                                                                                                                                                                                                                                                                                    SHA-512:5EE5A96FC914E6D2E4481003B817F8CFA647C447CBA2254EB83EC75E606DACBDA1520D0C0CAF789103B53FC47CB825539748E703CAC99D41BB02A1E64711C7CA
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2228
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.011244246624798
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:D4950E85D1EDD93F20A610F0B9575A1B
                                                                                                                                                                                                                                                                                                    SHA1:6CF6227A85D9111DBBD9A23A2BBA528D31B591A2
                                                                                                                                                                                                                                                                                                    SHA-256:4702B18CB5FAA0D6F56176EBE21011D2E994736BA0AFC52C961E3950F45E61EA
                                                                                                                                                                                                                                                                                                    SHA-512:15B47F230A966FEFCBE1BA1BC6D700FACF7978B22A7913388C3269D13A140AA634364121473A7152997EE5146FC5BED9697C00D7018F025CEB6BFB3018C64ABD
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):702
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.39074490019929
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:86893B121171A45F3494D301D57E80F1
                                                                                                                                                                                                                                                                                                    SHA1:739B6A99982CE3F6BF792876E72A8413D1583072
                                                                                                                                                                                                                                                                                                    SHA-256:4D8B0003A1DA38931E9BA26483D517CD59E62EA14759FC36F14B0F1EC558C6B8
                                                                                                                                                                                                                                                                                                    SHA-512:CABD9B44F635F3A1C9C8054004DE318FC3F875F6FD81DB722CD49FD29912E0720B656DD1BA81A5FF8B63C728A81A9A393618E0D18B07227F2AC937A954D9FEB0
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):700
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.387297248681374
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:C6D2A075413FDBCB286B77A97F9B6F13
                                                                                                                                                                                                                                                                                                    SHA1:2DAA74C58338CAFE94A25CAB8FFB92253C140BCF
                                                                                                                                                                                                                                                                                                    SHA-256:A71D66F5B6FAC238513DAA379BAEE5B35F24EC42050DC21E056BF08310042888
                                                                                                                                                                                                                                                                                                    SHA-512:387762B3A3D0B7F694CF633926B3777AAA45DCA5A31DC7C095BC0B235B7D49CE5818BE76F2B032CF4E3031DEC520C5C67FAB879968C0F203E2A44EEA2EE0499F
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3466
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9394896115708424
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:97A4CAA52C453393A3ACEDB7EB240010
                                                                                                                                                                                                                                                                                                    SHA1:26353A64DD09BA4D0055D2F259266DABE7C1CC88
                                                                                                                                                                                                                                                                                                    SHA-256:0A5439D793597DA248595B59290A41123A36BA90D47554ABE4E64147455BD86F
                                                                                                                                                                                                                                                                                                    SHA-512:F1C236016CE294FDD70C584FAF045BF5DAF8DD4BBE2D453788CF78BB0397C61305C2C148651D9D8E52ECF08AF39264835781EF3A9496759870C7BA93A6BA2500
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3460
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.951932320279216
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:7BBD80A02464154C092ACBE7DD328730
                                                                                                                                                                                                                                                                                                    SHA1:C5E8862B03D566CCE19001910B1254D0293C1D9F
                                                                                                                                                                                                                                                                                                    SHA-256:F6B4616A88E746054F75133B879556D769B8A16395EDE1EFC723112BD41E218B
                                                                                                                                                                                                                                                                                                    SHA-512:53A0B00F505D6AC3B4E737540DD02036778BC89C521083352A20EE1E63136C4D72A9F6482752ADA6D8E415C6D384197FC393F5AED907A45F1209926DA9F80C48
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4403
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8960426134967934
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:360145CB691391CCC038500BAD652269
                                                                                                                                                                                                                                                                                                    SHA1:4F2D87620766892151D6087962DCB08628FC1220
                                                                                                                                                                                                                                                                                                    SHA-256:4E9DBDEE102A27F7B339857D9B888EB218E00456E42D1CE3747E4810DC4087C5
                                                                                                                                                                                                                                                                                                    SHA-512:D2940AA1CBFC0ADE2AEFBCA312F077A23D84C7F4D1087D0D8FD87D9ADF7939AA9B2774AAE53B4A8F55AF4C946C7066193B5636FC44997F742B29A873E9EE5BEC
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):4395
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.9130769273478307
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:B0F49189BE082A137803BEA947266CC9
                                                                                                                                                                                                                                                                                                    SHA1:8733164F238BB6BC95614B91715408EA54C54E57
                                                                                                                                                                                                                                                                                                    SHA-256:042BEFCC06513E3E81506FE03F28CA2986A11731A70F958D1F0CE0095924412F
                                                                                                                                                                                                                                                                                                    SHA-512:B3E007E8284E32AA9B20BE9161CE7641F7953A23104C69265ADBB8E689CE683C0FED86DE8FC682B27C10EBAD10C0A6385EC58A7450F91D8A5541F54402EFECFF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1858
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.054255384536267
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:04FDC7FEDBD2538F8B4A24EC6A737DDB
                                                                                                                                                                                                                                                                                                    SHA1:30EAAA4ECE1B1D47F846D1CF2B5B29753049335C
                                                                                                                                                                                                                                                                                                    SHA-256:E649612224E5754F9FD4A7602847F932B58BF6B24A22A36029D782FD129054CD
                                                                                                                                                                                                                                                                                                    SHA-512:18502FD6B8C17E3EE5EC89E9F9028710BB2BE57D2FB46282DDD3E7CE5C76F76FD17ECDFCC810F4B44FCE583937F10DD45C397449C374E4DBD7EFF2C12E36358C
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):1854
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.069519451091226
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:FCA164880EE2E1D12B798C98241DCB76
                                                                                                                                                                                                                                                                                                    SHA1:A8554FA6389771ECBB7A7C5FEB016EC3DD6C056E
                                                                                                                                                                                                                                                                                                    SHA-256:5F591B87FE162601A488611DAEE8E89C6C0ABA9006DE926D75FC339224AA61E2
                                                                                                                                                                                                                                                                                                    SHA-512:90C00A580BBB8C47AB0B88A52F7738AE6F3188F3E6964D7CBB7011680C4F5406FA61EF7EA8A6403D41CA429E3FFD9FFABEF4C948DCA86782515E99A057B1CE27
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2922
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.8955256034331684
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:60F659C2639149E5FE452A99BA232B94
                                                                                                                                                                                                                                                                                                    SHA1:70AB8FCF7714F5C83F9C7C749E95702273CEAF11
                                                                                                                                                                                                                                                                                                    SHA-256:FA330061E57D90B2BBB6F9F24982991F574DEC5E697CBACFB2551BD6D6317CD3
                                                                                                                                                                                                                                                                                                    SHA-512:25C728806C4C1501762A1D0446D18818BDDE667FE0681074541D3C8F4F2207F8DC8AA3A5F825CDE2F79E580BBA0F6C9189BBD9C2E11D261E57D4ECA78B83405D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):2920
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.895777405127468
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:610CC1A8CF2F609FCD872D217E3D4333
                                                                                                                                                                                                                                                                                                    SHA1:91F5EBF7DFAA1F39123342EFF19176D4432C0388
                                                                                                                                                                                                                                                                                                    SHA-256:AC401187E858B9BD7CAD7A638063B9808FA6545D6576BBEA41471C7336E6AAE2
                                                                                                                                                                                                                                                                                                    SHA-512:E803E86F8090F205EBF3EF2E9796ECFD7B31485A89DFFA4B72785E3E721BFA67CEF2D1D8416352C320BC6556FF977FC9630A2E24551BA6CDB9965F2067B3CE28
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3445
                                                                                                                                                                                                                                                                                                    Entropy (8bit):3.979453075901205
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:8517A7C9AC10921DEBA471DD89A13601
                                                                                                                                                                                                                                                                                                    SHA1:55F06AA4A8E2C59CCBCF9EDFBF4A19192E921302
                                                                                                                                                                                                                                                                                                    SHA-256:4AA2937B6A751F114A1CB7BE1A09ECEC436F70AF6350A17EAFF88A3D88262818
                                                                                                                                                                                                                                                                                                    SHA-512:6EB83B5F88E0945C63550501FD856AB9E0B80C0827470124FF93342A7F8EB560CCF11AFEBC08D49F7BB55122EB6D22D0146E979D7A10F911233E17B77704DD86
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):3425
                                                                                                                                                                                                                                                                                                    Entropy (8bit):4.01234712901125
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:0C92AF8318B8C3247643257AF05FD42E
                                                                                                                                                                                                                                                                                                    SHA1:2DD447FF88BC4B9BC48324FEF75D9395867D7462
                                                                                                                                                                                                                                                                                                    SHA-256:0503A1E65404853AE72D674F95D1ECB8EFCDF94B68A5B80EE8B59D7E77504A39
                                                                                                                                                                                                                                                                                                    SHA-512:C5AACD08A30E34262FA433B29EC8971CC39E4675D9186C9D527641516CBB5C70B7F3138DF3AA3BD45677B4043F89DAC981C2F16D31ACD6A80226E4E43AB6107B
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 490 x 140, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):11957
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.943985153985361
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:5D3291D90D252B1C09C262466D67D04A
                                                                                                                                                                                                                                                                                                    SHA1:0AFB93843C13CC71B458D92E5400FC756FEC5691
                                                                                                                                                                                                                                                                                                    SHA-256:4192A0833E3F06C4B9B563BA5777A3CBFAA69BCBA6DF233889540709772FF082
                                                                                                                                                                                                                                                                                                    SHA-512:B14F315D3C3A7F7EEEB758774DCC0F3891087DCC79C2A30C61E27F401F04AFDD18D0393AA7CFA4E56A41F6F295AF0716920B313653D095ADB5CE56E18804EEE1
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    File Type:PNG image data, 136 x 237, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                                                    Size (bytes):19716
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.980395626062257
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:0EF05CFFCED0DD269592C274B0BE51C1
                                                                                                                                                                                                                                                                                                    SHA1:AD0275B4767A157C5A5C0C538B5D5817893893A3
                                                                                                                                                                                                                                                                                                    SHA-256:9E6852859D8987094B2724056DFC5ACEC29A67523B34E6256A83F6237EE25DFF
                                                                                                                                                                                                                                                                                                    SHA-512:7864057BFD7C08449F6435C977A33A3B1461A8E81B34ACE40FDA40BF1A971F69862363807B5A54C45F2A152C88C6763EAB8EF41F5EBA3B65C93DDB7C424D8C38
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (14441)
                                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                                    Size (bytes):311943
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.552194599913997
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:7378C32C1922EFAC4187FFE68F437184
                                                                                                                                                                                                                                                                                                    SHA1:896866B17028049E8AC1FF5D01464F77087F47B0
                                                                                                                                                                                                                                                                                                    SHA-256:0F7F3E60DC8F241D694CB2A45EF2B1300F116A439806081903A4F370BFF693C4
                                                                                                                                                                                                                                                                                                    SHA-512:2792803B7B03ECED237F4F09D594B3DC285D532FA2961232052C328A4BD09AE7AF26E2CDFC3A66368229E6CD9E7B182F6D1797DC8E68E6707C4795856F8B91EF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    URL:https://www.googletagmanager.com/gtag/js?id=G-VFQWFX3X1C
                                                                                                                                                                                                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"3",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":"google.ca"},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":"google.ca"},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_cross_domain","priority":38,"vtp_rules":["list","pcapp\\.store","pcappstore\\.download"],"tag_id":17},{"function":"__ogt_ga_send","priority":28,"vtp_value":true,"tag_id":19},{"function":"__ogt_referral_exclusion","priority":28,"vtp_includeConditions":["list","veryfast\\.io"],"tag_id":20},{"function":"__ogt_session_timeout","priority":28,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":21},{"function":"__ogt_1p_data_v2","priority":28,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityTy
                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2871), with no line terminators
                                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                                    Size (bytes):2871
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.888557564947745
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:DF1B4B9D6066A31590D884C65F98ABC8
                                                                                                                                                                                                                                                                                                    SHA1:878935499E44AC89780D2DC951A06B605F71ED34
                                                                                                                                                                                                                                                                                                    SHA-256:6B21BB26DC8AEFCE06B430CAF62640D31F7EB8AAED9D769AD140DF7DC4B41438
                                                                                                                                                                                                                                                                                                    SHA-512:12344FF8D39D9C202B9C265CE71CA058E4B44689CE5F24CF30C833756FF410540181426BF7782A288AF4FFEAF855CF865589603774A2FC347CE5C50FD252AFEF
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1705436182336&cv=11&fst=1705436182336&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dpage_view&rfmt=3&fmt=4
                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (4179)
                                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                                    Size (bytes):239020
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.5449169504514835
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:4F08BEA2C6CC91750962FB1581E84C60
                                                                                                                                                                                                                                                                                                    SHA1:92625A5BCD2D1B2F6B280AF0695BE9EEF8423CC6
                                                                                                                                                                                                                                                                                                    SHA-256:B8D4BBE5B682680F6D9D5E4892497561EA3604D560EA051FE68854435A0C0F60
                                                                                                                                                                                                                                                                                                    SHA-512:A133AF0B3C166188556D572150620B43783B1D130ED1C4A84560C59388C08D8E757B9C264770A15E9C757E8685908A5419A013DF964BF2BDCF5454C10D16FF75
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    URL:https://www.googletagmanager.com/gtag/js?id=AW-858128210
                                                                                                                                                                                                                                                                                                    Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"}],. "tags":[{"function":"__ogt_ads_datatos","priority":16,"vtp_instanceDestinationId":"AW-858128210","tag_id":10},{"function":"__ogt_1p_data_v2","priority":6,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regi
                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                                    Size (bytes):86622
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.538706524182821
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:7C2DE6A0214CDEE0D8D8DB39EF1B87E5
                                                                                                                                                                                                                                                                                                    SHA1:E68A7BEE24B5EB860956E445928F3AAA47D9DFBD
                                                                                                                                                                                                                                                                                                    SHA-256:90A4379F037AD6AB2CF4E70AB462E199F4E81D3224475B07A67DCB63402C920A
                                                                                                                                                                                                                                                                                                    SHA-512:1A251C3FD51CE16C2DEE7FAB5DFA36CD076D3A17A270DA34BC7A1F1F94884E1388E807ACBB9413D8726BB43DFCC18A6440BAE47F8CEB30D674C613D1D0EE6162
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    URL:https://td.doubleclick.net/td/rul/858128210?random=1705436182296&cv=11&fst=1705436182296&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config
                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                                    Size (bytes):2230
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.38757801396713
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:2D6165244545E2729CD109C3EC179FF2
                                                                                                                                                                                                                                                                                                    SHA1:169AAA14591C01C3DFC6839A479AE11FDF59E878
                                                                                                                                                                                                                                                                                                    SHA-256:DD8CD8C7DC16F30B6D6E738D78747ED2B2C151BEBDBF9F5C12D23C5DD6AC4C82
                                                                                                                                                                                                                                                                                                    SHA-512:33951E2F81F6985865E54EF237B4DFFDF789B6D6815F5BD17981E56016D5ADAD3AD02F461F3C993658166AA3AFCC9A779F15D399D41CB2D50E4B285E9AAC09E2
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    URL:https://fonts.googleapis.com/css2?family=Poppins:wght@400;700&display=swap
                                                                                                                                                                                                                                                                                                    Preview:/* devanagari */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJbecmNE.woff2) format('woff2');. unicode-range: U+0900-097F, U+1CD0-1CF9, U+200C-200D, U+20A8, U+20B9, U+25CC, U+A830-A839, U+A8E0-A8FF;.}./* latin-ext */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJnecmNE.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20CF, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'Poppins';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+
                                                                                                                                                                                                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (2873), with no line terminators
                                                                                                                                                                                                                                                                                                    Category:downloaded
                                                                                                                                                                                                                                                                                                    Size (bytes):2873
                                                                                                                                                                                                                                                                                                    Entropy (8bit):5.892134745943866
                                                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                                                    SSDEEP:
                                                                                                                                                                                                                                                                                                    MD5:91E8B3CF0549118DFE7855C78CA02262
                                                                                                                                                                                                                                                                                                    SHA1:88DDAE6F4B032F59B0EFE755716BB690D1DDD853
                                                                                                                                                                                                                                                                                                    SHA-256:F2D6C71B2DAAA8275488DC8315A742C153C447ECCA4712B72DB2ED6A18ED36F3
                                                                                                                                                                                                                                                                                                    SHA-512:8B3272CF0C69D37174D7EA35B570E5030799362C8D8570C7FFF4FCCFBC9196AA379C5AD8B8F595E97EBE7EAEE92ED587DE4A217E30B63F1BB94CE4E448D9E89D
                                                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                                                    URL:https://googleads.g.doubleclick.net/pagead/viewthroughconversion/858128210/?random=1705436182296&cv=11&fst=1705436182296&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
                                                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                                    Entropy (8bit):7.999991886023909
                                                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                    File name:nso7806.exe
                                                                                                                                                                                                                                                                                                    File size:88'750'488 bytes
                                                                                                                                                                                                                                                                                                    MD5:0e167b5aeec155c784c678d42a22e1b9
                                                                                                                                                                                                                                                                                                    SHA1:6876b0a2a8d90fd7b8ebcddc2b48cbff2a821acc
                                                                                                                                                                                                                                                                                                    SHA256:72528d094438e300e028d80183b3ea5424897999123ffde14e06645d489343ae
                                                                                                                                                                                                                                                                                                    SHA512:0c04a4234028c7f167cb5280977cfef3bc32837522d8788f364c7c6b2e3ddf83278650d325ca8b5acb772bc33afbecc8f4285ab69c36695dc967c42232337df8
                                                                                                                                                                                                                                                                                                    SSDEEP:1572864:5gJbxdFyA3a2dYbUZ7+FZagYxaywIi/BzVnrNdCWWE7r4rFxiwcSrKV8GeWCbTdj:5ibx7j33dYbdFZhYPw9/BzVrdWE7srXn
                                                                                                                                                                                                                                                                                                    TLSH:C11833AA09DCAE44D99D0632FB7DBCE0455ADEA6463C5609A7FD370AD23DE80301D13B
                                                                                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....
                                                                                                                                                                                                                                                                                                    Icon Hash:45d44c7192498005
                                                                                                                                                                                                                                                                                                    Entrypoint:0x403640
                                                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                    Digitally signed:true
                                                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                                    Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                    Import Hash:61259b55b8912888e90f516ca08dc514
                                                                                                                                                                                                                                                                                                    Signature Valid:true
                                                                                                                                                                                                                                                                                                    Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                                                    Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                                                    Error Number:0
                                                                                                                                                                                                                                                                                                    Not Before, Not After
                                                                                                                                                                                                                                                                                                    • 13/02/2023 01:00:00 15/02/2024 00:59:59
                                                                                                                                                                                                                                                                                                    Subject Chain
                                                                                                                                                                                                                                                                                                    • CN=Fast Corporate LTD, O=Fast Corporate LTD, L=Ra'anana, C=IL, SERIALNUMBER=515636181, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL
                                                                                                                                                                                                                                                                                                    Version:3
                                                                                                                                                                                                                                                                                                    Thumbprint MD5:6BD6E553625E804E96AF4AB0395E06CD
                                                                                                                                                                                                                                                                                                    Thumbprint SHA-1:0E2ED8280DB0068F76018744BB81F6B0EAAA06A4
                                                                                                                                                                                                                                                                                                    Thumbprint SHA-256:174D6BD057CEBD51F710366D9EA58D73250AE9EFE8F0F79AE341A95D87DA3E37
                                                                                                                                                                                                                                                                                                    Serial:0E2A84CE689A96E7A4E0B9F915300FF7
                                                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                                                    push ebp
                                                                                                                                                                                                                                                                                                    mov ebp, esp
                                                                                                                                                                                                                                                                                                    sub esp, 000003F4h
                                                                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                                                                                                                                    pop edi
                                                                                                                                                                                                                                                                                                    xor ebx, ebx
                                                                                                                                                                                                                                                                                                    push 00008001h
                                                                                                                                                                                                                                                                                                    mov dword ptr [ebp-14h], ebx
                                                                                                                                                                                                                                                                                                    mov dword ptr [ebp-04h], 0040A230h
                                                                                                                                                                                                                                                                                                    mov dword ptr [ebp-10h], ebx
                                                                                                                                                                                                                                                                                                    call dword ptr [004080C8h]
                                                                                                                                                                                                                                                                                                    mov esi, dword ptr [004080CCh]
lea eax, dword ptr [ebp-00000140h]
push eax
mov dword ptr [ebp-0000012Ch], ebx
mov dword ptr [ebp-2Ch], ebx
mov dword ptr [ebp-28h], ebx
mov dword ptr [ebp-00000140h], 0000011Ch
call esi
test eax, eax
jne 00007F77EC4FB86Ah
lea eax, dword ptr [ebp-00000140h]
mov dword ptr [ebp-00000140h], 00000114h
push eax
call esi
mov ax, word ptr [ebp-0000012Ch]
mov ecx, dword ptr [ebp-00000112h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [ebp-26h], 00000004h
not eax
and eax, ecx
mov word ptr [ebp-2Ch], ax
cmp dword ptr [ebp-0000013Ch], 0Ah
jnc 00007F77EC4FB83Ah
and word ptr [ebp-00000132h], 0000h
mov eax, dword ptr [ebp-00000134h]
movzx ecx, byte ptr [ebp-00000138h]
mov dword ptr [0042A318h], eax
xor eax, eax
mov ah, byte ptr [ebp-0000013Ch]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp-2Ch]
movzx ecx, cx
shl eax, 10h
or eax, ecx

Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5b000 | 0x4f50 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x54a1040 | 0x2958 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6676 | 0x6800 | False | 0.6568134014423077 | data | 6.4174599871908855 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x139a | 0x1400 | False | 0.4498046875 | data | 5.141066817170598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20378 | 0x600 | False | 0.509765625 | data | 4.110582127654237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x30000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x5b000 | 0x4f50 | 0x5000 | False | 0.102099609375 | data | 2.7630699240543244 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x5b208 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m | English | United States | 0.036372224846480866
RT_DIALOG | 0x5f430 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x5f638 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x5f730 | 0xa0 | data | English | United States | 0.60625
RT_DIALOG | 0x5f7d0 | 0xee | data | English | United States | 0.6302521008403361
RT_GROUP_ICON | 0x5f8c0 | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x5f8d8 | 0x24c | data | English | United States | 0.4914965986394558
RT_MANIFEST | 0x5fb28 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076

DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:15:58.395103931 CET4434972120.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:15:58.395199060 CET4434972120.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:15:58.395250082 CET49721443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:15:58.395360947 CET49721443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:15:58.395375967 CET4434972120.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.007736921 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.007772923 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.007848024 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.008614063 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.008626938 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.367528915 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.367594957 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.369705915 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.369719028 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.370085001 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.371884108 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.372056961 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.372056961 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.372061968 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.413899899 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.484991074 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.485166073 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.485232115 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.485366106 CET49722443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:05.485388994 CET4434972220.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:06.654650927 CET49673443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:06.654661894 CET49674443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:06.904680014 CET49672443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:08.174031019 CET49723443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:08.174073935 CET44349723167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:08.174141884 CET49723443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:08.295464993 CET44349718173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:08.295562029 CET49718443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:08.374475002 CET49723443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:08.374494076 CET44349723167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.464160919 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.464200974 CET4434972445.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.464405060 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.479387999 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.479419947 CET4434972445.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.487863064 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.487889051 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.487967014 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.488459110 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.488471031 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.489340067 CET49727443192.168.2.6142.251.111.84
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.489367962 CET44349727142.251.111.84192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.489432096 CET49727443192.168.2.6142.251.111.84
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.489763975 CET49727443192.168.2.6142.251.111.84
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.489779949 CET44349727142.251.111.84192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.682286024 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.682478905 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.682487965 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.682868958 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.682921886 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.683579922 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.683636904 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.685112953 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.685174942 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.685460091 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.685466051 CET44349726142.250.72.110192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.703663111 CET4434972445.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.703911066 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.703933001 CET4434972445.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.705171108 CET4434972445.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.705235958 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.706283092 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.706350088 CET4434972445.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.706487894 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.706500053 CET4434972445.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.734042883 CET49726443192.168.2.6142.250.72.110
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.748210907 CET49724443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.751446009 CET44349727142.251.111.84192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.752228022 CET49727443192.168.2.6142.251.111.84
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.752238035 CET44349727142.251.111.84192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.753278971 CET44349727142.251.111.84192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:09.753905058 CET49727443192.168.2.6142.251.111.84
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.181400061 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.181444883 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.181525946 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.182017088 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.182029963 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.385004044 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.385021925 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.385035038 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.385108948 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.385123968 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.385169029 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.397254944 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.397501945 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.397528887 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.398567915 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.398634911 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.399007082 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.399064064 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.399152994 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.441996098 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.442017078 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.488646984 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.630783081 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.630888939 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.630934954 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.631778002 CET49740443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:12.631792068 CET44349740104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:13.855115891 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:13.855161905 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:13.855231047 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:13.856858969 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:13.856873035 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.047799110 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.051309109 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.051322937 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.052380085 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.052473068 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.054339886 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.054440022 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.107197046 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.107213020 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.153490067 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.441205025 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.441219091 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.441257954 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.441323042 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.441338062 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.441380978 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.737462044 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.737478971 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.737514019 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.737608910 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.737632036 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.737647057 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:14.737674952 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.316078901 CET49742443192.168.2.623.51.58.94
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.316111088 CET4434974223.51.58.94192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.316179037 CET49742443192.168.2.623.51.58.94
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.321499109 CET49742443192.168.2.623.51.58.94
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.321516037 CET4434974223.51.58.94192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.512831926 CET4434974223.51.58.94192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.512953997 CET49742443192.168.2.623.51.58.94
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.639211893 CET49742443192.168.2.623.51.58.94
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.639246941 CET4434974223.51.58.94192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.639537096 CET4434974223.51.58.94192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.692517042 CET49742443192.168.2.623.51.58.94
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.726356030 CET49743443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.726378918 CET4434974320.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.726485014 CET49743443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.727123022 CET49743443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.727134943 CET4434974320.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.754009962 CET49742443192.168.2.623.51.58.94
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.797908068 CET4434974223.51.58.94192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.799388885 CET44349723167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.799463987 CET49723443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.842058897 CET4434973145.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.842494965 CET49731443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:15.842506886 CET4434973145.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.099404097 CET49745443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.099421978 CET4434974513.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.099435091 CET49745443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.099440098 CET4434974513.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.523641109 CET49718443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.523758888 CET49718443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.524127960 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.524164915 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.524285078 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.524586916 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.524599075 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.682755947 CET44349718173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.682821035 CET44349718173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.857201099 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:18.858238935 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.259586096 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.259615898 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.259987116 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.260052919 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.261707067 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.261707067 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.261739016 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.628622055 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.628675938 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.628962040 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.628995895 CET44349748173.222.162.64192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:19.629041910 CET49748443192.168.2.6173.222.162.64
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.917264938 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.917447090 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.917499065 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.917535067 CET49732443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.917551041 CET4434973245.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.968724966 CET4434973145.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.968817949 CET4434973145.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.969125032 CET49731443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.970712900 CET49731443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:22.970722914 CET4434973145.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.156879902 CET49749443192.168.2.6142.250.176.206
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.156915903 CET44349749142.250.176.206192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.156986952 CET49749443192.168.2.6142.250.176.206
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.157313108 CET49749443192.168.2.6142.250.176.206
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.157327890 CET44349749142.250.176.206192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.186367035 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.186395884 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.186460018 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.187360048 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.187371016 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.195854902 CET49751443192.168.2.6172.253.62.154
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.195890903 CET44349751172.253.62.154192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.196080923 CET49751443192.168.2.6172.253.62.154
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.196296930 CET49752443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.196311951 CET44349752142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.196394920 CET49752443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.196734905 CET49752443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.196743965 CET44349752142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.197123051 CET49751443192.168.2.6172.253.62.154
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.197143078 CET44349751172.253.62.154192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.305205107 CET49753443192.168.2.6142.251.40.162
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.305247068 CET44349753142.251.40.162192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.305318117 CET49753443192.168.2.6142.251.40.162
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.305659056 CET49754443192.168.2.6142.251.40.162
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.305701017 CET44349754142.251.40.162192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.305747986 CET49754443192.168.2.6142.251.40.162
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.306006908 CET49754443192.168.2.6142.251.40.162
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.306021929 CET44349754142.251.40.162192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.306771994 CET49753443192.168.2.6142.251.40.162
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.306786060 CET44349753142.251.40.162192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.308578968 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.308607101 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.308655977 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.309309959 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.309326887 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.346620083 CET44349749142.250.176.206192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.346883059 CET49749443192.168.2.6142.250.176.206
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.346903086 CET44349749142.250.176.206192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.347292900 CET44349749142.250.176.206192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.347345114 CET49749443192.168.2.6142.250.176.206
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.883137941 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.883171082 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.890826941 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.899389982 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.899415016 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.899490118 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.899502039 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.899538994 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.908236027 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.917094946 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.917152882 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.917165041 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.953213930 CET49760443192.168.2.6142.250.65.164
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.953255892 CET44349760142.250.65.164192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.953325987 CET49760443192.168.2.6142.250.65.164
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.953862906 CET49761443192.168.2.6142.250.65.164
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.953907013 CET44349761142.250.65.164192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.953955889 CET49761443192.168.2.6142.250.65.164
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.954782963 CET49761443192.168.2.6142.250.65.164
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.954797983 CET44349761142.250.65.164192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.955065966 CET49760443192.168.2.6142.250.65.164
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.955079079 CET44349760142.250.65.164192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:23.965605974 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.008735895 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.015887022 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.015909910 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.015969992 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.015983105 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.016025066 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.023031950 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.031177998 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.031241894 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.031255960 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.031265974 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.031322002 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.039171934 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.047894001 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.047938108 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.047947884 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.051321983 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.051386118 CET44349741142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.051438093 CET49741443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.056575060 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.056617975 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.056658983 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.056668043 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.056736946 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.068496943 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.075089931 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.075170994 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.075181007 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.083127022 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.083154917 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.083182096 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.083193064 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.083228111 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.091088057 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.099469900 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.099510908 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.099531889 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.099540949 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.099574089 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.107510090 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.113650084 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.113682985 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.113696098 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.113708973 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.113756895 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.134422064 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.138340950 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.138375044 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.138426065 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.138437033 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.138535023 CET49755443192.168.2.6142.251.40.98
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.146524906 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.154290915 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.154321909 CET44349755142.251.40.98192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.728184938 CET44349765142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.769896984 CET44349764142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.780458927 CET49765443192.168.2.6142.251.32.100
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.841964960 CET49764443192.168.2.6142.251.32.100
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.841988087 CET44349764142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.941581011 CET44349764142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.941658974 CET49764443192.168.2.6142.251.32.100
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.942538977 CET49764443192.168.2.6142.251.32.100
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.942553997 CET44349764142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.948576927 CET44349765142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.948646069 CET44349765142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.948743105 CET49765443192.168.2.6142.251.32.100
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.949229002 CET49765443192.168.2.6142.251.32.100
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:24.949240923 CET44349765142.251.32.100192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.788476944 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.788886070 CET49766443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.788903952 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.789246082 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.789803028 CET49766443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.789874077 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.790152073 CET49766443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:25.833908081 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.454896927 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.457047939 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.457135916 CET49766443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.457751989 CET49766443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.457765102 CET4434976645.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.464329958 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.464378119 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.464468956 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.465049982 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.465068102 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.549194098 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.559825897 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.559843063 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.560400009 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.561903000 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.561979055 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.564393044 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.605906963 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.859704018 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.859787941 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.860126019 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.871166945 CET49750443192.168.2.645.32.1.23
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:26.871184111 CET4434975045.32.1.23192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.160629988 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.160655975 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.160713911 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.161154985 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.161164999 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.353030920 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.361629009 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.361641884 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.362217903 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.367933035 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.368022919 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.369318962 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.413906097 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.547100067 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.547203064 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.552512884 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.614984035 CET49769443192.168.2.6142.251.35.174
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:28.615008116 CET44349769142.251.35.174192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.686444998 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.686785936 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.686804056 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.687156916 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.687818050 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.687881947 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.687984943 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.733896971 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.887727022 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.887811899 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.887859106 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.889115095 CET49768443192.168.2.6104.248.126.225
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:29.889132977 CET44349768104.248.126.225192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:30.001128912 CET49770443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:49.309941053 CET44349775167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:49.381794930 CET44349775167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:49.381877899 CET44349775167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:49.382527113 CET49775443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:49.382740021 CET49775443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:49.382757902 CET44349775167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.424160957 CET49778443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.424204111 CET44349778167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.424263000 CET4977780192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.424278975 CET49778443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.431993008 CET49778443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.432024956 CET44349778167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.512469053 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.512557030 CET4977780192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.519583941 CET4977780192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.607537985 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.628328085 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.628608942 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:50.628648043 CET4977780192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.487598896 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.487646103 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.487782955 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.488483906 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.488507032 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.639604092 CET4977780192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.732867002 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.750498056 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.751035929 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.751219988 CET4977780192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.834383011 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.834570885 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.836884975 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.836903095 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.837366104 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.839173079 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.839351892 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.839359045 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.839641094 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.881897926 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.950251102 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.950450897 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.950531006 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.950577974 CET49779443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:52.950599909 CET4434977920.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:54.779772997 CET49780443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:54.779822111 CET44349780167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:54.779880047 CET49780443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:54.785372019 CET49780443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:54.785382986 CET44349780167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.062974930 CET49781443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.063011885 CET4434978113.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.063127041 CET49781443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.063934088 CET49781443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.063945055 CET4434978113.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.312561989 CET49782443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.312591076 CET44349782162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.312740088 CET49782443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.313591957 CET49782443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.313608885 CET44349782162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.378532887 CET49783443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.378560066 CET44349783162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.378626108 CET49783443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.379111052 CET49783443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.379116058 CET44349783162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.473860025 CET4434978113.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.473937035 CET49781443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.475552082 CET49781443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.475569010 CET4434978113.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.475783110 CET4434978113.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.487704992 CET49781443192.168.2.613.85.23.86
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.496963978 CET44349782162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.497687101 CET49782443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.497716904 CET44349782162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.498673916 CET44349782162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.498743057 CET49782443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.533906937 CET4434978113.85.23.86192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.564112902 CET44349783162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.569231033 CET49783443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:03.301317930 CET49787443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:03.303972006 CET49787443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:03.303997993 CET44349787167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064240932 CET44349786167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064274073 CET44349786167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064287901 CET44349786167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064340115 CET49786443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064363956 CET44349786167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064399958 CET44349786167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064416885 CET49786443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.064486027 CET49786443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.066010952 CET49786443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.066023111 CET44349786167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.413611889 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.413651943 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.413824081 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.414351940 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.414364100 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.601667881 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.602263927 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.602274895 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.603161097 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.603969097 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.603969097 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.603969097 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.603991032 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.604032993 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.653795004 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.653814077 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.700351000 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.820760012 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.820831060 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.820940971 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.822108984 CET49788443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.822124004 CET44349788167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.900938034 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.900974035 CET44349789167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.901072979 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.901421070 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.901438951 CET44349789167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.208996058 CET49787443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.095148087 CET44349789167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.095552921 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.095577002 CET44349789167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.096503973 CET44349789167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.096590996 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.096975088 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.097033978 CET44349789167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.097310066 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.097316027 CET44349789167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:07.139106989 CET49789443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.489626884 CET44349782162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.489701986 CET44349782162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.489756107 CET49782443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.558151007 CET44349783162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.558218956 CET44349783162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.558315039 CET49783443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.781354904 CET49783443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.781354904 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.781384945 CET44349783162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.781400919 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.781466007 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.781845093 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.781863928 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.044666052 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.045008898 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.045022964 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.045902014 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.047534943 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.047534943 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.047588110 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.048072100 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.089914083 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.092695951 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.092729092 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.139586926 CET49791443192.168.2.6142.251.40.106
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:11.325706005 CET44349791142.251.40.106192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.254239082 CET49795443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.257920027 CET49795443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.257949114 CET44349795167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.549264908 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.549307108 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.549525023 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.550019979 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:18.550035000 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.768775940 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.769150972 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.769211054 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.770684004 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.770745993 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.771120071 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.771208048 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.771348000 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.771365881 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.817827940 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979271889 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979327917 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979350090 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979401112 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979470015 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979506016 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979520082 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.979567051 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.980900049 CET49796443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:19.980937004 CET44349796167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:20.952915907 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:20.952965021 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:20.953098059 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:20.953661919 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:20.953677893 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.270582914 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.271013975 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.271028042 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.276000023 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.276441097 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.276441097 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.276628971 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.276896954 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.321906090 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.325701952 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.325709105 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:21.372668982 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.505474091 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.505507946 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.505517960 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.505598068 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.505609989 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.505682945 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.505809069 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.506954908 CET49797443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.506968975 CET44349797167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.666409016 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.666475058 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.666552067 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.666969061 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.667007923 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.874020100 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.874372959 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.874434948 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.877837896 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.877912045 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.878355980 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.878448009 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.878560066 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.921066046 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.921123981 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:22.967751980 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.083498955 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.083565950 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.083586931 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.083688974 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.083692074 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.083693027 CET49798443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.083770990 CET44349798167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.923507929 CET44349804167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.923526049 CET44349804167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.923567057 CET49804443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.930912018 CET49804443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.930923939 CET44349804167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.931832075 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.931859970 CET44349808167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.931936026 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.932830095 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:23.932840109 CET44349808167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.102662086 CET44349807167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.102777958 CET44349807167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.102914095 CET49807443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.104882956 CET49807443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.104897976 CET44349807167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.107207060 CET49809443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.107243061 CET44349809167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.107291937 CET49809443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.111131907 CET49809443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.111145973 CET44349809167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.145072937 CET44349808167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.145526886 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.145538092 CET44349808167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.146989107 CET44349808167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.147056103 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.148214102 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.148286104 CET44349808167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.148658991 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.148663044 CET44349808167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.197567940 CET49808443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.228785992 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.228851080 CET4434981089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.228928089 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.229713917 CET49811443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.229746103 CET4434981189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.229809999 CET49811443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.230645895 CET49812443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.230684042 CET4434981289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.231041908 CET49812443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.231704950 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.231726885 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.231794119 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.232786894 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.232805967 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.232878923 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.233549118 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.233557940 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.233669043 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.234498978 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.234533072 CET4434981089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.234647036 CET49811443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.234659910 CET4434981189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.235114098 CET49812443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.235141993 CET4434981289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.235465050 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.235480070 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.235852957 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.235879898 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.236268997 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.236300945 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.274368048 CET49816443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.274452925 CET4434981689.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.274533987 CET49816443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.275962114 CET49817443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.276042938 CET4434981789.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.276123047 CET49817443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.276716948 CET49818443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.276745081 CET4434981889.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.276801109 CET49818443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.277301073 CET49819443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.277334929 CET4434981989.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.277395964 CET49819443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.279144049 CET49820443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.279175043 CET4434982089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.279242992 CET49820443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.279633045 CET49821443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.279660940 CET4434982189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.494362116 CET49812443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.494373083 CET4434981289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.495403051 CET49825443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.495419979 CET4434982589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.496484041 CET4434982589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.496550083 CET49825443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.500277996 CET49802443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.500389099 CET49799443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.503418922 CET49825443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.503480911 CET4434982589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.503618956 CET4434982589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.503671885 CET49825443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.503706932 CET49825443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.504550934 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.506230116 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.506241083 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.507714033 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.507848024 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.508896112 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.508986950 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.509183884 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.509191990 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.531193972 CET4434982089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.532329082 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.532421112 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.534024000 CET49820443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.534046888 CET4434982089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.534980059 CET4434982089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.535046101 CET49820443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.538638115 CET49820443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.538672924 CET4434982089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.538717985 CET49820443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.546739101 CET4434981689.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.547873974 CET49816443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.547895908 CET4434981689.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.548365116 CET49812443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.548580885 CET49811443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.548975945 CET4434981689.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.549035072 CET49816443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.552112103 CET49816443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.552150011 CET4434981689.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.552269936 CET4434981689.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.552309990 CET49816443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.552335024 CET49816443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.561203003 CET4434981889.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.562304020 CET49818443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.562318087 CET4434981889.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.563221931 CET4434981889.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.563309908 CET49818443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.563520908 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.567223072 CET49818443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.567267895 CET4434981889.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.567373037 CET4434981889.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.567423105 CET49818443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.567439079 CET49818443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.583172083 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.587378025 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.587402105 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.588478088 CET4434982489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.589303017 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.589389086 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.589806080 CET49824443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.589818954 CET4434982489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.590598106 CET4434982389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.591582060 CET4434982489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.591634989 CET49824443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.591737986 CET49823443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.591752052 CET4434982389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.592698097 CET4434982389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.592756987 CET49823443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.594400883 CET49824443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.594438076 CET4434982489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.594489098 CET49824443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.598149061 CET49823443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.598361015 CET4434982389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.598444939 CET49823443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.601277113 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.687364101 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.687377930 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.687400103 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.709974051 CET49812443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.709999084 CET4434981289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.710844040 CET49829443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.710867882 CET4434982989.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.710931063 CET49829443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711472034 CET49829443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711483002 CET4434982989.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711795092 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711826086 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711834908 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711858988 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711874962 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711877108 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711889029 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711920977 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711932898 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.711971998 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.712030888 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.715075970 CET49811443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.715089083 CET4434981189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.715765953 CET49830443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.715785980 CET4434983089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.715841055 CET49830443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.716583014 CET49830443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.716597080 CET4434983089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.718777895 CET49810443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.718789101 CET4434981089.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.719757080 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.719780922 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.719842911 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.724596977 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.724607944 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.751184940 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.751209021 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.751302004 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.751308918 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.753911018 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.779382944 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.779447079 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.779485941 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.779767990 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788043022 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788074017 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788083076 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788111925 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788144112 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788168907 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788213015 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788244963 CET4434981489.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788253069 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788253069 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788290024 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.788290024 CET49814443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.790034056 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.790069103 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.790172100 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.790172100 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.790185928 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.790237904 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.796473980 CET49813443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.796488047 CET4434981389.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.807476044 CET49832443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.807506084 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.807656050 CET49832443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.808310986 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.808394909 CET4434981589.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.808401108 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.808810949 CET49815443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.809227943 CET49832443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.809238911 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.861747980 CET44349828167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.862169027 CET49828443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.862200975 CET44349828167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.863543034 CET44349828167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.112504959 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.112523079 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.112545013 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.113711119 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.113734007 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.113831997 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.114759922 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.114770889 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.182210922 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.182230949 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.182240009 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.182265043 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.182276964 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.182300091 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.182356119 CET49832443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.190457106 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.190510988 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.190534115 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.190551996 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.190573931 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.190591097 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.202368021 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.202521086 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.202552080 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.202706099 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.208395958 CET49831443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.208411932 CET4434983189.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.226779938 CET49832443192.168.2.689.187.177.16
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.226794958 CET4434983289.187.177.16192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.300021887 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.301405907 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.301424026 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.302902937 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.302973032 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.308100939 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.308357000 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.310729980 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.310740948 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.354264975 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.501950026 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.502053022 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.502127886 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.520198107 CET49833443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:25.520210028 CET44349833167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.451690912 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.464843035 CET49801443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.464907885 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.465826035 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.465918064 CET49801443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.466365099 CET49801443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.466432095 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.466919899 CET49801443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.466948032 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.516268015 CET49801443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.617875099 CET44349805167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.618376970 CET49805443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.618422985 CET44349805167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.627005100 CET49805443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.627031088 CET44349805167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.666625977 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.666707039 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.666970968 CET49801443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.670888901 CET49801443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.670919895 CET44349801167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.831839085 CET44349805167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.832010031 CET44349805167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.832561970 CET49805443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.839957952 CET49805443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:26.839987040 CET44349805167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.602101088 CET44349809167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.602253914 CET44349809167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.602320910 CET49809443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.604103088 CET49809443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.604120970 CET44349809167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.604648113 CET44349826167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.609905005 CET49826443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:27.609927893 CET44349826167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:33.470263004 CET49837443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:33.470268011 CET44349837167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:33.673494101 CET44349837167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:33.673572063 CET44349837167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:33.673638105 CET49837443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:33.673803091 CET49837443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:33.673814058 CET44349837167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.686479092 CET49838443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.686515093 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.686585903 CET49838443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.687391996 CET49838443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.687400103 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.869700909 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.870194912 CET49838443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.870275021 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.871716976 CET49838443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:34.871738911 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:35.090548038 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:35.090629101 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:35.090758085 CET49838443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:35.103298903 CET49838443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:35.103342056 CET44349838167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.092103004 CET49839443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.092192888 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.092309952 CET49839443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.092823982 CET49839443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.092843056 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.337240934 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.337768078 CET49839443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.337805986 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.338620901 CET49839443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.338629007 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.562978029 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.563059092 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.563127995 CET49839443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.563380003 CET49839443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.563395977 CET44349839167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.830475092 CET4971280192.168.2.623.206.121.32
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.918276072 CET804971223.206.121.32192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:36.918334961 CET4971280192.168.2.623.206.121.32
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.576756001 CET49840443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.576785088 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.576884985 CET49840443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.577219963 CET49840443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.577234030 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.591281891 CET4971980192.168.2.623.206.121.32
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.639964104 CET804974072.21.81.240192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.640037060 CET4974080192.168.2.672.21.81.240
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.679850101 CET804971923.206.121.32192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.679924965 CET4971980192.168.2.623.206.121.32
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.791826010 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.793184996 CET49840443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.793184996 CET49840443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.793201923 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.793210030 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.998648882 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.998718023 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.998918056 CET49840443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.999769926 CET49840443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:37.999784946 CET44349840167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.702964067 CET49841443192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.703010082 CET44349841142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.703098059 CET49841443192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.703768969 CET49841443192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.703783035 CET44349841142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.846148014 CET44349803167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.846672058 CET49803443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.846682072 CET44349803167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.847594023 CET44349803167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.847660065 CET49803443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.848157883 CET49803443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.848212957 CET44349803167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.849211931 CET49803443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.849216938 CET44349803167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.891155958 CET49803443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.895190001 CET44349841142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.895499945 CET49841443192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:42.691781998 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:42.691871881 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:42.692572117 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:42.692585945 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:42.731549025 CET49785443192.168.2.6142.250.65.195
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:42.731575966 CET44349785142.250.65.195192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.055962086 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.056173086 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.058657885 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.058670044 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.058881998 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.061093092 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.061146021 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.061151028 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.061247110 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.105910063 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.184041977 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.184134007 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.184288025 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.184530973 CET49847443192.168.2.620.25.241.18
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:43.184544086 CET4434984720.25.241.18192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:44.327080965 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:44.327116966 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:44.327325106 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:44.330959082 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:44.330971003 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.524926901 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.525146008 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.531208992 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.531220913 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.531452894 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.534974098 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.537499905 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.581899881 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.726711035 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.726784945 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.726804972 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.726839066 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.733902931 CET49848443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.733925104 CET44349848167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.750754118 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.750785112 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.750854969 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.751302958 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:45.751315117 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:46.168838978 CET4977780192.168.2.6142.250.65.238
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:46.256669998 CET8049777142.250.65.238192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:47.960887909 CET44349846167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:47.961391926 CET49846443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:47.961404085 CET44349846167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:47.962227106 CET49846443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:47.962232113 CET44349846167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.171668053 CET44349846167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.171866894 CET44349846167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.171932936 CET49846443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.172100067 CET49846443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.172111988 CET44349846167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.979372025 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.979456902 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.980020046 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.980046988 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.980243921 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:48.980257034 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.188971043 CET49850443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.189004898 CET44349850167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.189070940 CET49850443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.194341898 CET49850443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.194355965 CET44349850167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.212316036 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.212377071 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.212390900 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.212434053 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.213474989 CET49849443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.213506937 CET44349849167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.225316048 CET49851443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.225364923 CET44349851167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:49.225439072 CET49851443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.041321039 CET4434985752.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.041487932 CET49857443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.085905075 CET4434985752.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.152686119 CET4434985752.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.152782917 CET4434985752.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.152868986 CET49857443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.153029919 CET49857443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:11.153047085 CET4434985752.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:12.137048960 CET44349845167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:12.137151003 CET44349845167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:12.137211084 CET49845443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:12.156379938 CET49845443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:12.156430960 CET44349845167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.732881069 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.732918978 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.733023882 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.733412027 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.733434916 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.921613932 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.924639940 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.924662113 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.925120115 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.928787947 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.928865910 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:13.968966007 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.005454063 CET44349856167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.006175995 CET49856443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.006208897 CET44349856167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.007329941 CET49856443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.007337093 CET44349856167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.208463907 CET44349856167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.208542109 CET44349856167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.208694935 CET49856443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.208745956 CET49856443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:22.208766937 CET44349856167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.299712896 CET49859443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.299760103 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.299833059 CET49859443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.300254107 CET49859443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.300268888 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.524128914 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.524584055 CET49859443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.524610996 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.525420904 CET49859443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.525432110 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.728223085 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.728327990 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.728399038 CET49859443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.728466988 CET49859443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.728485107 CET44349859167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.925122976 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.925210953 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:23.925265074 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:24.733448982 CET49860443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:24.733495951 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:24.733589888 CET49860443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:24.734092951 CET49860443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:24.734107018 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:25.812382936 CET49858443192.168.2.6142.250.176.196
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:25.812438965 CET44349858142.250.176.196192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:27.732359886 CET49785443192.168.2.6142.250.65.195
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:27.732379913 CET44349785142.250.65.195192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:27.955493927 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:27.956127882 CET49860443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:27.956149101 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:27.956871986 CET49860443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:27.956876993 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:28.160128117 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:28.160188913 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:28.160254002 CET49860443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:28.160403013 CET49860443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:28.160417080 CET44349860167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:29.170211077 CET49861443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:29.170253038 CET44349861167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:29.170347929 CET49861443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:29.170788050 CET49861443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:29.170800924 CET44349861167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:42.296089888 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:42.296190977 CET49868443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:42.296855927 CET49868443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:42.296869993 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.442627907 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.442709923 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.442806959 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.443556070 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.443588018 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.798810005 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.798909903 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.800436974 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.800465107 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.800806999 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.802848101 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.802918911 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.802933931 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.803016901 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.845942974 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.914300919 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.914534092 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.914901018 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.915163040 CET49869443192.168.2.652.159.126.152
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:47.915199995 CET4434986952.159.126.152192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.656996012 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.657504082 CET49868443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.657536030 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.658838987 CET49868443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.658843040 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.865329027 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.865504026 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.865593910 CET49868443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.865631104 CET49868443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:49.865647078 CET44349868167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:50.873714924 CET49870443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:50.873764992 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:50.873866081 CET49870443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:50.874248028 CET49870443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:50.874265909 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.095699072 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.096235991 CET49870443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.096266031 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.097064972 CET49870443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.097074986 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.299021006 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.299118996 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.299185038 CET49870443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.299248934 CET49870443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:53.299268007 CET44349870167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:54.310789108 CET49871443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:54.310882092 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:54.310993910 CET49871443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:54.311424971 CET49871443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:54.311438084 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.529640913 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.530147076 CET49871443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.530189991 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.530886889 CET49871443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.530901909 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.730138063 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.730297089 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.730364084 CET49871443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.733206034 CET49871443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:57.733225107 CET44349871167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.732990980 CET49872443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.733031988 CET44349872167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.733125925 CET49872443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.733727932 CET49872443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.733743906 CET44349872167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.921394110 CET44349872167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.921938896 CET49872443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.921963930 CET44349872167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.923165083 CET49872443192.168.2.6167.99.235.203
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:58.923170090 CET44349872167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:59.122792006 CET44349872167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:59.122968912 CET44349872167.99.235.203192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:18:59.123096943 CET49872443192.168.2.6167.99.235.203
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.397943020 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.399167061 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.399342060 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.399355888 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.401324034 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.403570890 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.466715097 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.466861010 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.466873884 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.467964888 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.578316927 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.578536034 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.579037905 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.579205036 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.579981089 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.579981089 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666301966 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666337967 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666392088 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666470051 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666630030 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666646004 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666670084 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.666735888 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.667483091 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.667978048 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.667978048 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.668153048 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.668209076 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.668698072 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.668978930 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.669926882 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.700567007 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.716023922 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.755574942 CET44355678162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.755595922 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.794400930 CET55678443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.794472933 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.324613094 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.325089931 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.325393915 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.325638056 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.352638006 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.352837086 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.414280891 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.415241957 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.415833950 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.415864944 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.416080952 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.416685104 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.416836977 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.444612026 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.446564913 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.449290037 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:57.451898098 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.819360018 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.909158945 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.914561987 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.914613008 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.915124893 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:05.915260077 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.002768040 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.002785921 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.003345013 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.025427103 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.025630951 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.028659105 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.113217115 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.113269091 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.113745928 CET58719443192.168.2.6142.251.41.10
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:06.138438940 CET44358719142.251.41.10192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:08.895347118 CET53581201.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:09.119112015 CET53528411.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.688225985 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.688431978 CET65456443192.168.2.6162.159.61.3
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.776916027 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.778359890 CET44365456162.159.61.3192.168.2.6
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:10.778419018 CET44365456162.159.61.3192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.287962914 CET192.168.2.61.1.1.10x35f8Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:16:55.288665056 CET192.168.2.61.1.1.10x48eeStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:24.064412117 CET192.168.2.61.1.1.10x745Standard query (0)repcdn.pcapp.storeA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.612231016 CET192.168.2.61.1.1.10x24d9Standard query (0)clients1.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                    Jan 16, 2024 21:17:38.612652063 CET192.168.2.61.1.1.10xa470Standard query (0)clients1.google.com65IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49777 | 142.250.65.238 | 80 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2024 21:16:50.519583941 CET | 411 | OUT | GET /time/1/current?cup2key=6:Y9AOPRDxJwGGAeVwd1ak5uL1DY1X06nPPn_kZpOUstI&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: clients2.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
Jan 16, 2024 21:16:50.628328085 CET | 1137 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    x-cup-server-proof: 304502205fd90b337be91c0020f19d039428495ac45999e2189c2252d536b858ba5d19de022100d0ef2fc6afcba4a50a8231500d3a67507d489b2ae5ac9960b129d44d4dc8fb3b:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                                                                                                                                                                                                                                                                                                    ETag: W/"304502205fd90b337be91c0020f19d039428495ac45999e2189c2252d536b858ba5d19de022100d0ef2fc6afcba4a50a8231500d3a67507d489b2ae5ac9960b129d44d4dc8fb3b:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:50 GMT
                                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
                                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
Jan 16, 2024 21:16:52.639604092 CET | 411 | OUT | GET /time/1/current?cup2key=6:Is_UYFhgHr7nBlZM7FMVfvkTTIRi7n2lv-_w71TZDdo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: clients2.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
Jan 16, 2024 21:16:52.750498056 CET | 1140 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    x-cup-server-proof: 30450220563d63bf5dcfd1072130ec25b46fb616b250f157d90040d42f8c6b7a12574068022100f5bf6264915b953970ec24bdf811f0070c539cb2f8be839eefa146be3f54bc35:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                                                                                                                                                                                                                                                                                                    ETag: W/"30450220563d63bf5dcfd1072130ec25b46fb616b250f157d90040d42f8c6b7a12574068022100f5bf6264915b953970ec24bdf811f0070c539cb2f8be839eefa146be3f54bc35:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:52 GMT
                                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
Jan 16, 2024 21:16:58.923898935 CET | 411 | OUT | GET /time/1/current?cup2key=6:2IDko9I1QCj23guagIDv7brAeOMm9aKeglnBvWpoRbA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: clients2.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
Jan 16, 2024 21:16:59.035039902 CET | 1137 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    x-cup-server-proof: 3045022100e42f6c5f88f47cef2e778c31c59a60b714cd69a02d10e71d5e833eb7c99b9c2702200b31e46461cfb78d0c096af7c555e54b050bb8f21cf400f04518113ef6284d59:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                                                                                                                                                                                                                                                                                                    ETag: W/"3045022100e42f6c5f88f47cef2e778c31c59a60b714cd69a02d10e71d5e833eb7c99b9c2702200b31e46461cfb78d0c096af7c555e54b050bb8f21cf400f04518113ef6284d59:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:58 GMT
                                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
                                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
Jan 16, 2024 21:17:01.039735079 CET  411  OUT  GET /time/1/current?cup2key=6:57jlf0ciYHqeU_Hacg3XzU-QylWI_b_ISA7Aq_fdSMw&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: clients2.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
Jan 16, 2024 21:17:01.152676105 CET  1144  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                    Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    x-cup-server-proof: 30460221009db0feda2e4950e7ea6814d9811cc2f09dce58a56d802d3ecba9b9d78c5e84bf022100e4f6c612b022753c8b6ed0a4262fdb42b298e902ca024ab6257a1d51ad5ab6ff:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
                                                                                                                                                                                                                                                                                                    ETag: W/"30460221009db0feda2e4950e7ea6814d9811cc2f09dce58a56d802d3ecba9b9d78c5e84bf022100e4f6c612b022753c8b6ed0a4262fdb42b298e902ca024ab6257a1d51ad5ab6ff:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:01 GMT
                                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
                                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: same-site
                                                                                                                                                                                                                                                                                                    Content-Encoding: gzip
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                    Data Raw: 36 31 0d 0a 1f 8b 08 00 00 00 00 00 02 ff d2 8c ad 55 e7 aa 56 4a 2e 2d 2a 4a cd 2b 89 2f c9 cc 4d 8d cf cd cc c9 c9 2c 56 b2 32 34 37 30 35 31 36 33 32 32 34 b0 34 d5 51 2a 4e 2d 2a 4b 2d 8a cf cb cf 4b 4e 55 b2 d2 35 d1 b3 34 33 31 b1 30 34 37 31 33 35 37 31 32 30 73 d5 35 34 33 a8 05 00 00 00 ff ff 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 61UVJ.-*J+/M,V247051632244Q*N-*K-KNU54310471357120s543
Jan 16, 2024 21:17:01.152837992 CET  20  IN  Data Raw: 61 0d 0a 03 00 f0 5c 51 a1 51 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: a\QQ0
Jan 16, 2024 21:17:46.168838978 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                    Data Ascii:
Jan 16, 2024 21:18:31.262852907 CET  6  OUT  Data Raw: 00
                                                                                                                                                                                                                                                                                                    Data Ascii:


Session ID  Source IP    Source Port  Destination IP  Destination Port
0           192.168.2.6  49721        20.25.241.18    443

Timestamp  Bytes transferred  Direction  Data
2024-01-16 20:15:58 UTC  70  OUT
Data Ascii:
    CNT 1 CON 304
    MS-CV: noR+7YNq6U2hmQ+e.1
    Context: 2019afa57a77c61
2024-01-16 20:15:58 UTC  249  OUT
Data Ascii:
    <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-01-16 20:15:58 UTC  1063  OUT
Data Ascii:
    ATH 2 CON\DEVICE 1040
    MS-CV: noR+7YNq6U2hmQ+e.2
    Context: 2019afa57a77c61

    <device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqRT
2024-01-16 20:15:58 UTC  217  OUT
Data Ascii:
    BND 3 CON\WNS 0 196
    MS-CV: noR+7YNq6U2hmQ+e.3
    Context: 2019afa57a77c61

    <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-01-16 20:15:58 UTC  14  IN
Data Ascii:
    202 1 CON 58
2024-01-16 20:15:58 UTC  58  IN
Data Ascii:
    MS-CV: io9OVj0JZkO2/NoGKc7ARw.0

    Payload parsing failed.


Session ID  Source IP    Source Port  Destination IP  Destination Port
1           192.168.2.6  49722        20.25.241.18    443

Timestamp  Bytes transferred  Direction  Data
2024-01-16 20:16:05 UTC  71  OUT
Data Ascii:
    CNT 1 CON 305
    MS-CV: qVyGGCdUAU63WHJF.1
    Context: 57dff42379ce0b7e
2024-01-16 20:16:05 UTC  249  OUT
Data Ascii:
    <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-01-16 20:16:05 UTC  1064  OUT
Data Ascii:
    ATH 2 CON\DEVICE 1041
    MS-CV: qVyGGCdUAU63WHJF.2
    Context: 57dff42379ce0b7e

    <device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
2024-01-16 20:16:05 UTC  218  OUT
Data Ascii:
    BND 3 CON\WNS 0 197
    MS-CV: qVyGGCdUAU63WHJF.3
    Context: 57dff42379ce0b7e

    <wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-01-16 20:16:05 UTC  14  IN
Data Ascii:
    202 1 CON 58
2024-01-16 20:16:05 UTC  58  IN
Data Ascii:
    MS-CV: 2tzBFXmf1kazTRbNJ6t61w.0

    Payload parsing failed.


                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                    2192.168.2.649726142.250.72.1104437196C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:09 UTC752OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: clients2.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    X-Goog-Update-Interactivity: fg
                                                                                                                                                                                                                                                                                                    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                                                                                                                                                                                                                                                                                    X-Goog-Update-Updater: chromecrx-117.0.5938.134
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-01-16 20:16:09 UTC | 732 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-Ljr12mDVDVCA8icgzFnyjA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:09 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/xml; charset=UTF-8
                                                                                                                                                                                                                                                                                                    X-Daynum: 6224
                                                                                                                                                                                                                                                                                                    X-Daystart: 44169
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                    Server: GSE
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
2024-01-16 20:16:09 UTC | 520 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6224" elapsed_seconds="44169"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-01-16 20:16:09 UTC | 200 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-01-16 20:16:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49724 | 45.32.1.23 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:09 UTC | 766 | OUT | GET /installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                    Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-01-16 20:16:10 UTC | 621 | IN | HTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:10 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Location: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49727 | 142.251.111.84 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:09 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: accounts.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Content-Length: 1
                                                                                                                                                                                                                                                                                                    Origin: https://www.google.com
                                                                                                                                                                                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:09 UTC | 1 | OUT | Data Raw: 20
                                                                                                                                                                                                                                                                                                    Data Ascii:
2024-01-16 20:16:10 UTC | 1627 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://www.google.com
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:09 GMT
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: script-src 'report-sample' 'nonce-DkYVSfQc8EYVyXi-UqNmjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                                                                    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:10 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 11["gaia.l.a.r",[]]
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 0


                                                                                                                                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                                    5 | 192.168.2.6 | 49730 | 45.32.1.23 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:10 UTC | 746 | OUT | GET /?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                                    Sec-Fetch-User: ?1
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: document
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:10 UTC610INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:10 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Set-Cookie: _fcid=1705436170641465; expires=Wed, 15-Jan-2025 20:16:10 GMT; Max-Age=31536000; path=/
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:10 UTC15774INData Raw: 31 65 32 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 50 50 20 53 54 4f 52 45 3a 20 49 6e 73 74 61 6c 6c 69 6e 67 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 6c 70 2f 61 70 70 73 74 6f 72 65 2f 69 6d 67 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 1e22<!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>APP STORE: Installing</title> <link rel="icon" href="/lp/appstore/img/favicon.ico" />
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:10 UTC13092INData Raw: 3c 2f 64 69 76 3e 0a 20 20 20 20 0a 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 6c 70 2f 6c 70 64 5f 69 6e 73 74 61 6c 6c 69 6e 67 5f 72 32 2f 73 72 63 2f 6c 70 64 5f 69 6e 73 74 61 6c 6c 69 6e 67 5f 72 32 2e 6d 69 6e 2e 6a 73 3f 6e 6f 63 61 63 68 65 3d 31 36 38 31 33 30 33 39 34 38 35 36 31 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 2f 2f 2f 20 6d 61 69 6e 2e 6a 73 20 2f 2f 2f 0a 0d 0a 31 30 30 30 0d 0a 20 20 20 20 20 20 69 66 28 20 74 79 70 65 6f 66 28 70 69 78 65 6c 45 76 65 6e 74 29 20 3d 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 29 20 7b 0a 20 20 20 20 20 20 20 20 76 61 72 20 70 69 78 65 6c 45 76 65 6e 74 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 70 61 72 61 6d 73 29 20 7b 0a 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                                                                                                    Data Ascii: </div> <script src="/lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1681303948561"></script> <script> /// main.js ///1000 if( typeof(pixelEvent) === 'undefined') { var pixelEvent = function (params) {


                                                                                                                                                                                                                                                                                                    Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                                    6 | 192.168.2.6 | 49732 | 45.32.1.23 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                                    Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:11 UTC | 717 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.css?nocache=1681303948561 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: _fcid=1705436170641465
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:12 UTC350INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:11 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/css
                                                                                                                                                                                                                                                                                                    Content-Length: 65276
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49733 | 45.32.1.23 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:11 UTC | 737 | OUT | GET /lp/lpd_installing_r2/img/done_windows_icon.png HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1705436170641465
2024-01-16 20:16:12 UTC | 303 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:16:11 GMT
Content-Type: image/png
Content-Length: 543
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49740 | 104.248.126.225 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:12 UTC | 413 | OUT | GET /lp/lpd_installing_r2/img/done_windows_icon.png HTTP/1.1
Host: pcapp.store
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: _fcid=1705436170641465
2024-01-16 20:16:12 UTC | 303 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:16:12 GMT
Content-Type: image/png
Content-Length: 543
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49742 | 23.51.58.94 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:15 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-01-16 20:16:15 UTC | 496 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (sac/2518)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Cache-Control: public, max-age=152854
Date: Tue, 16 Jan 2024 20:16:15 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49731 | 45.32.1.23 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:15 UTC | 702 | OUT | GET /lp/lpd_installing_r2/src/lpd_installing_r2.min.js?nocache=1681303948561 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: _fcid=1705436170641465


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49723 | 167.99.235.203 | 443 | 6248 | C:\Users\user\Desktop\nso7806.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:15 UTC | 243 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=start&permision=Default HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-01-16 20:16:16 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:16:15 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:16 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port
12 | 192.168.2.6 | 49743 | 20.25.241.18 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:16 UTC | 71 | OUT | Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 50 62 7a 57 6e 67 72 59 6d 45 61 62 62 6e 68 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 61 63 30 38 38 35 30 61 37 33 66 39 64 37 64 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: PbzWngrYmEabbnhE.1Context: bac08850a73f9d7d
2024-01-16 20:16:16 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-01-16 20:16:16 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: PbzWngrYmEabbnhE.2Context: bac08850a73f9d7d<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
2024-01-16 20:16:16 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: PbzWngrYmEabbnhE.3Context: bac08850a73f9d7d<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-01-16 20:16:16 UTC | 14 | IN | Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-01-16 20:16:16 UTC | 58 | IN | Data Raw: 4d 53 2d 43 56 3a 20 45 44 61 4a 38 52 4b 6d 6d 55 71 36 75 45 41 6d 73 5a 2b 63 71 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: EDaJ8RKmmUq6uEAmsZ+cqw.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49744 | 23.51.58.94 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:16 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-01-16 20:16:16 UTC | 456 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (chd/0778)
X-CID: 11
Cache-Control: public, max-age=139458
Date: Tue, 16 Jan 2024 20:16:16 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-01-16 20:16:16 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49746 | 167.99.235.203 | 443 | 6248 | C:\Users\user\Desktop\nso7806.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:17 UTC | 308 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=installing&e=03000200-0400-0500-0006-000700080009&u=12345678-1234-5678-90AB-CDDEEFAABBCC HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: pcapp.store
Connection: Keep-Alive
Cache-Control: no-cache
2024-01-16 20:16:17 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:16:17 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:17 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49745 | 13.85.23.86 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:17 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XoVOyuUGTZwpMXa&MD=r8KW9uYS HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-01-16 20:16:18 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 289e41b1-7ac6-4d93-b905-db0c2aff1a51
MS-RequestId: 9f8dbbd6-b4ce-4ed0-9d32-73d2f25c898e
MS-CV: 3tM8aO0jGkO5NuQt.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Tue, 16 Jan 2024 20:16:17 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port
16 | 192.168.2.6 | 49748 | 173.222.162.64 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:19 UTC | 2256 | OUT | POST /threshold/xls.aspx HTTP/1.1
Origin: https://www.bing.com
Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
Accept: */*
Accept-Language: en-CH
Content-type: text/xml
X-Agent-DeviceId: 01000A410900C4F3
X-BM-CBT: 1696488253
X-BM-DateFormat: dd/MM/yyyy
X-BM-DeviceDimensions: 784x984
X-BM-DeviceDimensionsLogical: 784x984
X-BM-DeviceScale: 100
X-BM-DTZ: 120
X-BM-Market: CH
X-BM-Theme: 000000;0078d7
X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D
X-Device-isOptin: false
X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
X-Device-OSSKU: 48
X-Device-Touch: false
X-DeviceID: 01000A410900C4F3
X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c
X-MSEdge-ExternalExpType: JointCoord
X-PositionerType: Desktop
X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
X-Search-CortanaAvailableCapabilities: None
X-Search-SafeSearch: Moderate
X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
X-UserAgeClass: Unknown
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: www.bing.com
Content-Length: 516
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
2024-01-16 20:16:19 UTC | 1 | OUT | Data Raw: 3c
Data Ascii: <
2024-01-16 20:16:19 UTC | 515 | OUT | Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 38 31 43 36 31 45 30 39 34 39 38 44 34 31 43 43 39 37 43 44 42 42 41 33 35 34 38 32 34 45 44 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 35 31 41 41 38 32 41 45 39 30 43 34 36 36 39 39 46 35 42 31 46 45 33 34 32 42 45 37 45 31 30 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
Data Ascii: ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-01-16 20:16:19 UTC | 478 | IN | HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: 16CD1043FCCB40EEBA95F9EEB97A9104 Ref B: LAX311000108019 Ref C: 2024-01-16T20:16:19Z
Date: Tue, 16 Jan 2024 20:16:19 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
X-CDN-TraceID: 0.40a6dc17.1705436179.c9abc8


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
17          192.168.2.6  49749        142.250.176.206  443               7196  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:23 UTC  1112               OUT        POST /ccm/form-data/858128210?gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&hn=www.googleadservices.com&auid=951475049.1705436182&ec_mode=a&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&em=tv.1 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:23 UTC  445                IN         HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:23 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Server: Golfe2
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
18          192.168.2.6  49752        142.251.35.174   443               7196  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:23 UTC  1395               OUT        POST /g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je41a0v898645365&_p=1705436182237&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=557226424.1705436182&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&_s=1&sid=1705436182&sct=1&seg=0&dl=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&dt=APP%20STORE%3A%20Installing&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=14412 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: analytics.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:23 UTC  445                IN         HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:23 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Server: Golfe2
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
19          192.168.2.6  49751        172.253.62.154   443               7196  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:23 UTC  748                OUT        POST /g/collect?v=2&tid=G-VFQWFX3X1C&cid=557226424.1705436182&gtm=45je41a0v898645365&aip=1&dma=0&gcd=11l1l1l1l1 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: stats.g.doubleclick.net
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-01-16 20:16:23 UTC  445                IN         HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:23 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Server: Golfe2
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49755 | 142.251.40.98 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:23 UTC | 1330 | OUT | GET /td/rul/858128210?random=1705436182296&cv=11&fst=1705436182296&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config HTTP/1.1
Host: td.doubleclick.net
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://pcapp.store/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-01-16 20:16:23 UTC | 785 | IN | HTTP/1.1 200 OK
P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Timing-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 16 Jan 2024 20:16:23 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 0
Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 16-Jan-2024 20:31:23 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49753 | 142.251.40.162 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:23 UTC | 1206 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1705436182296&cv=11&fst=1705436182296&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-01-16 20:16:23 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:23 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                    Server: cafe
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 16-Jan-2024 20:31:23 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
2024-01-16 20:16:23 UTC | 410 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: b39(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],null==p){k=null;break a}k=p}var
2024-01-16 20:16:23 UTC | 1252 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: 1!=a.indexOf(d)}):!1:!1}function x(d){var a;a:{if(a=f.navigator)if(a=a.userAgent)break a;a=""}return-1!=a.indexOf(d)};function y(){return g?!!t&&0<t.brands.length:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("S
2024-01-16 20:16:23 UTC | 1218 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: ).call(this);;s.ss_(window,'OjE3MDU0MzYxODIyOTY',['https://www.google.com/pagead/1p-user-list/858128210/?random\x3d1705436182296\x26cv\x3d11\x26fst\x3d1705435200000\x26bg\x3dffffff\x26guid\x3dON\x26async\x3d1\x26gtm\x3d45be41a0v9103256652\x26u_w\x3d1280\x
2024-01-16 20:16:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49754 | 142.251.40.162 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:23 UTC | 1204 | OUT | GET /pagead/viewthroughconversion/858128210/?random=1705436182336&cv=11&fst=1705436182336&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&gcd=11l1l1l1l1&dma=0&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&hn=www.googleadservices.com&frm=0&tiba=APP%20STORE%3A%20Installing&auid=951475049.1705436182&fledge=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uap=Windows&uapv=10.0.0&uaw=0&data=event%3Dpage_view&rfmt=3&fmt=4 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
2024-01-16 20:16:23 UTC | 842 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:23 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                                                                    Server: cafe
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 16-Jan-2024 20:31:23 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
2024-01-16 20:16:23 UTC | 410 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: b37(function(){var s = {};(function(){var e={};/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var f=this||self;var g,k;a:{for(var l=["CLOSURE_FLAGS"],p=f,q=0;q<l.length;q++)if(p=p[l[q]],null==p){k=null;break a}k=p}var
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:23 UTC1252INData Raw: 31 21 3d 61 2e 69 6e 64 65 78 4f 66 28 64 29 7d 29 3a 21 31 3a 21 31 7d 66 75 6e 63 74 69 6f 6e 20 78 28 64 29 7b 76 61 72 20 61 3b 61 3a 7b 69 66 28 61 3d 66 2e 6e 61 76 69 67 61 74 6f 72 29 69 66 28 61 3d 61 2e 75 73 65 72 41 67 65 6e 74 29 62 72 65 61 6b 20 61 3b 61 3d 22 22 7d 72 65 74 75 72 6e 2d 31 21 3d 61 2e 69 6e 64 65 78 4f 66 28 64 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 79 28 29 7b 72 65 74 75 72 6e 20 67 3f 21 21 74 26 26 30 3c 74 2e 62 72 61 6e 64 73 2e 6c 65 6e 67 74 68 3a 21 31 7d 66 75 6e 63 74 69 6f 6e 20 7a 28 29 7b 72 65 74 75 72 6e 20 79 28 29 3f 77 28 22 43 68 72 6f 6d 69 75 6d 22 29 3a 28 78 28 22 43 68 72 6f 6d 65 22 29 7c 7c 78 28 22 43 72 69 4f 53 22 29 29 26 26 21 28 79 28 29 3f 30 3a 78 28 22 45 64 67 65 22 29 29 7c 7c 78 28 22 53
                                                                                                                                                                                                                                                                                                    Data Ascii: 1!=a.indexOf(d)}):!1:!1}function x(d){var a;a:{if(a=f.navigator)if(a=a.userAgent)break a;a=""}return-1!=a.indexOf(d)};function y(){return g?!!t&&0<t.brands.length:!1}function z(){return y()?w("Chromium"):(x("Chrome")||x("CriOS"))&&!(y()?0:x("Edge"))||x("S
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:23 UTC1216INData Raw: 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 3b 73 2e 73 73 5f 28 77 69 6e 64 6f 77 2c 27 4f 6a 45 33 4d 44 55 30 4d 7a 59 78 4f 44 49 7a 4d 7a 59 27 2c 5b 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 61 67 65 61 64 2f 31 70 2d 75 73 65 72 2d 6c 69 73 74 2f 38 35 38 31 32 38 32 31 30 2f 3f 72 61 6e 64 6f 6d 5c 78 33 64 31 37 30 35 34 33 36 31 38 32 33 33 36 5c 78 32 36 63 76 5c 78 33 64 31 31 5c 78 32 36 66 73 74 5c 78 33 64 31 37 30 35 34 33 35 32 30 30 30 30 30 5c 78 32 36 62 67 5c 78 33 64 66 66 66 66 66 66 5c 78 32 36 67 75 69 64 5c 78 33 64 4f 4e 5c 78 32 36 61 73 79 6e 63 5c 78 33 64 31 5c 78 32 36 67 74 6d 5c 78 33 64 34 35 62 65 34 31 61 30 76 39 31 30 33 32 35 36 36 35 32 5c 78 32 36 75 5f 77 5c 78 33 64 31 32 38 30 5c 78
                                                                                                                                                                                                                                                                                                    Data Ascii: ).call(this);;s.ss_(window,'OjE3MDU0MzYxODIzMzY',['https://www.google.com/pagead/1p-user-list/858128210/?random\x3d1705436182336\x26cv\x3d11\x26fst\x3d1705435200000\x26bg\x3dffffff\x26guid\x3dON\x26async\x3d1\x26gtm\x3d45be41a0v9103256652\x26u_w\x3d1280\x
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:23 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49761 | 142.250.65.164 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:24 UTC | 1277 | OUT | GET /pagead/1p-user-list/858128210/?random=1705436182336&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_XZcSQSqXxQ4Pq-1Tbu-PTuQyxr3-mA&random=2226860448&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:24 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:24 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Server: cafe
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close
2024-01-16 20:16:24 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49760 | 142.250.65.164 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:24 UTC | 1278 | OUT | GET /pagead/1p-user-list/858128210/?random=1705436182296&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_D4wjk57hF6pvHQk4737VHsVuvC7YGQ&random=629994904&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:24 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:24 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Server: cafe
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close
2024-01-16 20:16:24 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49764 | 142.251.32.100 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:24 UTC | 1046 | OUT | GET /pagead/1p-user-list/858128210/?random=1705436182336&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dpage_view&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_XZcSQSqXxQ4Pq-1Tbu-PTuQyxr3-mA&random=2226860448&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:24 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:24 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Server: cafe
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close
2024-01-16 20:16:24 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49765 | 142.251.32.100 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:24 UTC | 1047 | OUT | GET /pagead/1p-user-list/858128210/?random=1705436182296&cv=11&fst=1705435200000&bg=ffffff&guid=ON&async=1&gtm=45be41a0v9103256652&u_w=1280&u_h=1024&url=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&frm=0&tiba=APP%20STORE%3A%20Installing&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_D4wjk57hF6pvHQk4737VHsVuvC7YGQ&random=629994904&rmt_tld=0&ipr=y HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: www.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:24 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:24 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Server: cafe
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close
2024-01-16 20:16:24 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49766 | 45.32.1.23 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:25 UTC | 857 | OUT | POST /pixelgif.php HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Content-Length: 332
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: _fcid=1705436170641465; _gcl_au=1.1.951475049.1705436182; _ga=GA1.1.557226424.1705436182; _ga_VFQWFX3X1C=GS1.1.1705436182.1.0.1705436182.60.0.0
2024-01-16 20:16:25 UTC | 332 | OUT | Data Raw: 7b 22 65 76 74 5f 73 72 63 22 3a 22 77 65 62 22 2c 22 65 76 74 5f 61 63 74 69 6f 6e 22 3a 22 76 69 73 74 79 70 65 22 2c 22 67 70 75 22 3a 22 47 6f 6f 67 6c 65 2c 20 56 75 6c 6b 61 6e 20 31 2e 33 2e 30 20 28 53 77 69 66 74 53 68 61 64 65 72 20 44 65 76 69 63 65 20 28 53 75 62 7a 65 72 6f 29 20 28 30 78 30 30 30 30 43 30 44 45 29 29 2c 20 53 77 69 66 74 53 68 61 64 65 72 20 64 72 69 76 65 72 29 22 2c 22 68 65 69 67 68 74 22 3a 31 32 38 30 2c 22 77 69 64 74 68 22 3a 31 30 32 34 2c 22 62 72 6f 77 73 65 72 22 3a 22 43 48 22 2c 22 62 72 6f 77 73 65 72 76 65 72 22 3a 31 31 37 2c 22 6f 73 22 3a 22 31 30 22 2c 22 63 6f 6f 6b 69 65 73 22 3a 31 2c 22 6d 65 6d 6f 72 79 22 3a 38 2c 22 7a 6f 6f 6d 22 3a 31 30 30 2c 22 76 69 64 65 6f 5f 69 6e 70 75 74 22 3a 30 2c 22 61
                                                                                                                                                                                                                                                                                                    Data Ascii: {"evt_src":"web","evt_action":"vistype","gpu":"Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver)","height":1280,"width":1024,"browser":"CH","browserver":117,"os":"10","cookies":1,"memory":8,"zoom":100,"video_input":0,"a
2024-01-16 20:16:26 UTC | 498 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:26 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:26 UTC106INData Raw: 35 66 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 0a 49 44 41 54 08 d7 63 60 00 00 00 02 00 01 e2 21 bc 33 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 5fPNGIHDR%VPLTEz=tRNS@fIDATc`!3IENDB`0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
28          192.168.2.6  49750        45.32.1.23      443               7196  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:26 UTC  839                OUT        GET /lp/appstore/img/favicon.ico HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/?p=lpd_installing_r2&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&_winver=19045&version=fa.1060
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: _fcid=1705436170641465; _gcl_au=1.1.951475049.1705436182; _ga=GA1.1.557226424.1705436182; _ga_VFQWFX3X1C=GS1.1.1705436182.1.0.1705436182.60.0.0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
29          192.168.2.6  49769        142.251.35.174  443               7196  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:28 UTC  1392               OUT        POST /g/collect?v=2&tid=G-VFQWFX3X1C&gtm=45je41a0v898645365&_p=1705436182237&gcd=11l1l1l1l1&dma=0&cid=557226424.1705436182&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.134%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.134&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&_eu=AEA&_s=2&sid=1705436182&sct=1&seg=0&dl=https%3A%2F%2Fpcapp.store%2F%3Fp%3Dlpd_installing_r2%26guid%3D4D802742-3099-9C0E-C19B-2A23EA1FC420%26_winver%3D19045%26version%3Dfa.1060&dt=APP%20STORE%3A%20Installing&en=scroll&epn.percent_scrolled=90&tfd=19466 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: analytics.google.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlaHLAQj6mM0BCIWgzQEIucrNARjrjaUX
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Referer: https://pcapp.store/
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2024-01-16 20:16:28 UTC  445                IN         HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: https://pcapp.store
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:28 GMT
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Content-Type: text/plain
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Server: Golfe2
                                                                                                                                                                                                                                                                                                    Content-Length: 0
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
30          192.168.2.6  49768        104.248.126.225  443               7196  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:29 UTC  500                OUT        GET /pixelgif.php HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                                    Cookie: _fcid=1705436170641465; _gcl_au=1.1.951475049.1705436182; _ga=GA1.1.557226424.1705436182; _ga_VFQWFX3X1C=GS1.1.1705436182.1.0.1705436182.60.0.0
2024-01-16 20:16:29 UTC  448                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:29 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:29 UTC106INData Raw: 35 66 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 0a 49 44 41 54 08 d7 63 60 00 00 00 02 00 01 e2 21 bc 33 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 5fPNGIHDR%VPLTEz=tRNS@fIDATc`!3IENDB`0


Session ID  Source IP    Source Port  Destination IP  Destination Port
31          192.168.2.6  49770        20.25.241.18    443
Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:30 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 59 49 63 6f 70 72 4c 4e 45 6b 4f 50 2f 50 68 41 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 64 32 31 36 39 33 62 61 65 37 65 62 66 32 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: CNT 1 CON 305MS-CV: YIcoprLNEkOP/PhA.1Context: 36d21693bae7ebf2
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:30 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                                                                                                                                                                                                                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:30 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 59 49 63 6f 70 72 4c 4e 45 6b 4f 50 2f 50 68 41 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 64 32 31 36 39 33 62 61 65 37 65 62 66 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 41 36 43 6f 46 45 73 51 78 33 2b 6a 6d 57 6b 32 2b 64 73 4a 6e 68 53 41 6d 4a 53 51 72 72 67 50 6c 4d 75 34 65 53 54 4a 55 43 2f 46 6e 32 4f 66 51 30 4e 76 37 49 36 6e 55 49 38 62 30 78 4e 35 31 4f 50 74 41 66 43 36 68 2b 50 4f 49 65 6e 7a 49 6b 32 49 52 65 62 71 65 6d 6a 55 70 67 35 39 65 50 36 68 4f 7a 35 52 56 7a 71 52
                                                                                                                                                                                                                                                                                                    Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: YIcoprLNEkOP/PhA.2Context: 36d21693bae7ebf2<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:30 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 59 49 63 6f 70 72 4c 4e 45 6b 4f 50 2f 50 68 41 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 36 64 32 31 36 39 33 62 61 65 37 65 62 66 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                                                                                                                                                                                                                    Data Ascii: BND 3 CON\WNS 0 197MS-CV: YIcoprLNEkOP/PhA.3Context: 36d21693bae7ebf2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:30 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 202 1 CON 58
                                                                                                                                                                                                                                                                                                    2024-01-16 20:16:30 UTC58INData Raw: 4d 53 2d 43 56 3a 20 6f 44 69 6e 4f 33 57 56 69 55 69 54 4a 41 44 36 4f 65 48 55 44 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                                                                                                                                                                                                                    Data Ascii: MS-CV: oDinO3WViUiTJAD6OeHUDA.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49771 | 167.99.235.203 | 443 | 6248 | C:\Users\user\Desktop\nso7806.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:43 UTC | 760 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=systeminfo&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003105718.000000+120&os_processes=106&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=DTHP5B&gpu_ram=1073741824&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=PSPH2KM7%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
                                                                                                                                                                                                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-01-16 20:16:43 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:43 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:43 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 49772 | 167.99.235.203 | 443 | 6248 | C:\Users\user\Desktop\nso7806.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:43 UTC | 948 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_installer&evt_action=pc_apps&a[]=7-Zip+23%2E01+%28x64%29&a[]=Mozilla+Firefox+%28x64+en-US%29&a[]=Mozilla+Maintenance+Service&a[]=Microsoft+Office+Professional+Plus+2019+-+en-us&a[]=Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532&a[]=Office+16+Click-to-Run+Licensing+Component&a[]=Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration&a[]=Adobe+Acrobat+%2864-bit%29&a[]=Microsoft+Visual+C%2B%2B+2022+X64+Minimum+Runtime+-+14%2E36%2E32532&a[]=Google+Chrome&a[]=Microsoft+Edge&a[]=Microsoft+Edge+Update&a[]=Microsoft+Edge+WebView2+Runtime&a[]=Java+Auto+Updater&a[]=Java+8+Update+381&a[]=Microsoft+Visual+C%2B%2B+2015-2022+Redistributable+%28x64%29+-+14%2E36%2E32532&a[]=Office+16+Click-to-Run+Extensibility+Component HTTP/1.1
                                                                                                                                                                                                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-01-16 20:16:43 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:43 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:43 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 49773 | 167.99.235.203 | 443 | 6248 | C:\Users\user\Desktop\nso7806.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:45 UTC | 172 | OUT | GET /cpg_fa.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420 HTTP/1.1
                                                                                                                                                                                                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-01-16 20:16:45 UTC | 509 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:45 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:45 UTC | 17 | IN | 7
default
0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 49774 | 167.99.235.203 | 443 | 6248 | C:\Users\user\Desktop\nso7806.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:45 UTC | 237 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&inst_parent=&evt_src=fa_installer&evt_action=done HTTP/1.1
                                                                                                                                                                                                                                                                                                    User-Agent: NSIS_Inetc (Mozilla)
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
2024-01-16 20:16:46 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:46 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:46 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 49775 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:49 UTC | 236 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=channel&id=-3&eng_time=1705441663322&nocache=5721718 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
2024-01-16 20:16:49 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:49 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:49 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port
37 | 192.168.2.6 | 49779 | 20.25.241.18 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:52 UTC | 71 | OUT | Data Ascii:
CNT 1 CON 305
MS-CV: 6lju+Rmj0USu2UhV.1
Context: 86ca19d1325fe342

2024-01-16 20:16:52 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-01-16 20:16:52 UTC | 1064 | OUT
                                                                                                                                                                                                                                                                                                    Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 6lju+Rmj0USu2UhV.2Context: 86ca19d1325fe342<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
2024-01-16 20:16:52 UTC | 218 | OUT | Data Ascii:
BND 3 CON\WNS 0 197
MS-CV: 6lju+Rmj0USu2UhV.3
Context: 86ca19d1325fe342

<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-01-16 20:16:52 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-01-16 20:16:52 UTC | 58 | IN | Data Ascii:
MS-CV: 94PVwERGCkquCyHrid41Nw.0

Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 49781 | 13.85.23.86 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=XoVOyuUGTZwpMXa&MD=r8KW9uYS HTTP/1.1
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                                                                                                    Host: slscr.update.microsoft.com
2024-01-16 20:16:55 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                    Expires: -1
                                                                                                                                                                                                                                                                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                                                                                                    ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                                                                                                                                    MS-CorrelationId: 2bba7c2e-a009-4446-8b66-5b8418dea7fe
                                                                                                                                                                                                                                                                                                    MS-RequestId: 21f68858-08b4-4dd0-9fe0-0d4b100453b2
                                                                                                                                                                                                                                                                                                    MS-CV: XIdl5tpbMUO0Fzpp.0
                                                                                                                                                                                                                                                                                                    X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                                                                                                                                    Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:55 GMT
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Content-Length: 25457
2024-01-16 20:16:55 UTC | 15824 | IN
2024-01-16 20:16:55 UTC | 9633 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 49784 | 142.251.41.10 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:16:57 UTC | 540 | OUT | GET /css2?family=Bebas+Neue&display=swap HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: fonts.googleapis.com
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                                                                                                    X-Client-Data: CKeBywE=
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: style
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:16:57 UTC  758                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Content-Type: text/css; charset=utf-8
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                                    Expires: Tue, 16 Jan 2024 20:16:57 GMT
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:57 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: private, max-age=86400, stale-while-revalidate=604800
                                                                                                                                                                                                                                                                                                    Last-Modified: Tue, 16 Jan 2024 19:33:31 GMT
                                                                                                                                                                                                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups
                                                                                                                                                                                                                                                                                                    Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                    Server: ESF
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Accept-Ranges: none
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
2024-01-16 20:16:57 UTC  494                IN
                                                                                                                                                                                                                                                                                                    Data Ascii: 31f/* latin-ext */@font-face { font-family: 'Bebas Neue'; font-style: normal; font-weight: 400; font-display: swap; src: url(https://fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wdhyzbi.woff2) format('woff2'); unicode-range: U+010
2024-01-16 20:16:57 UTC  312                IN
                                                                                                                                                                                                                                                                                                    Data Ascii: swap; src: url(https://fonts.gstatic.com/s/bebasneue/v14/JTUSjIg69CK48gW7PXoo9Wlhyw.woff2) format('woff2'); unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2
2024-01-16 20:16:57 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
40          192.168.2.6  49786        167.99.235.203  443               352   C:\Users\user\PCAppStore\nwjs\NW_store.exe

Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:57 UTC  476                OUT        GET /src/main_code_nw.js HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:05 UTC  363                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:05 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: application/javascript
                                                                                                                                                                                                                                                                                                    Content-Length: 8013
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:05 UTC  8013               IN
                                                                                                                                                                                                                                                                                                    Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
41          192.168.2.6  49778        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe

Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:16:57 UTC  231                OUT        GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=started&&eng_time=1705441664012&nocache=5726312 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
2024-01-16 20:16:59 UTC  302                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:16:58 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:16:59 UTC  42                 IN         Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
42          192.168.2.6  49788        167.99.235.203  443               352   C:\Users\user\PCAppStore\nwjs\NW_store.exe

Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:17:05 UTC  722                OUT        GET /pixel.gif?evt_src=web&evt_action=new_fcid&ncrd=1705436224705&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                                                                    2024-01-16 20:17:05 UTC302INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:05 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                    2024-01-16 20:17:05 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 49789 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:07 UTC | 476 | OUT | GET /src/main_code_nw.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:14 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:14 GMT
Content-Type: application/javascript
Content-Length: 8013
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:14 UTC | 8013 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 49791 | 142.251.40.106 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:11 UTC | 473 | OUT | POST /v1:GetModels?key=dummytoken HTTP/1.1
Host: optimizationguide-pa.googleapis.com
Connection: keep-alive
Content-Length: 447
Content-Type: application/x-protobuf
X-Client-Data: CKeBywE=
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:11 UTC | 447 | OUT | Data Ascii: c 2]Wtype.googleapis.com/google.internal.chrome.optimizationguide.v1.PageTopicsModelMetadatag 2aYtype.googleapis.com/google.internal.chrome.optimizationguide.v1.SegmentationModelMetadataJ g 2aYtype.googleapis.com/g
2024-01-16 20:17:11 UTC | 409 | IN | HTTP/1.1 400 Bad Request
Vary: X-Origin
Vary: Referer
Content-Type: application/x-protobuf
Date: Tue, 16 Jan 2024 20:17:11 GMT
Server: ESF
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Origin,Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-01-16 20:17:11 UTC | 184 | IN | Data Ascii: b2/API key not valid. Please pass a valid API key.}(type.googleapis.com/google.rpc.ErrorInfoQAPI_KEY_INVALIDgoogleapis.com.service#optimizationguide-pa.googleapis.com
2024-01-16 20:17:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 49793 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe

Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:15 UTC | 476 | OUT | GET /src/main_code_nw.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:16 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:16 GMT
Content-Type: application/javascript
Content-Length: 8013
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:16 UTC | 8013 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port
46 | 192.168.2.6 | 49794 | 20.25.241.18 | 443

Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:16 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305MS-CV: 13dotTPkBESx8+Az.1Context: a096bd008311c9ef
2024-01-16 20:17:16 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-01-16 20:17:16 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 13dotTPkBESx8+Az.2Context: a096bd008311c9ef<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
2024-01-16 20:17:16 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197MS-CV: 13dotTPkBESx8+Az.3Context: a096bd008311c9ef<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-01-16 20:17:16 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-01-16 20:17:16 UTC | 58 | IN | Data Ascii: MS-CV: QYCaWIGww02x3JKjlM63Bg.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 49795 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe

Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:18 UTC | 476 | OUT | GET /src/main_code_nw.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:18 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:18 GMT
Content-Type: application/javascript
Content-Length: 8013
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:18 UTC | 8013 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 49796 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe

Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:19 UTC | 476 | OUT | GET /src/main_code_nw.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:19 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:19 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: application/javascript
                                                                                                                                                                                                                                                                                                    Content-Length: 8013
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:19 UTC | 8013 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 49797 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:21 UTC | 476 | OUT | GET /src/main_code_nw.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:22 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:22 GMT
Content-Type: application/javascript
Content-Length: 8013
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:22 UTC | 8013 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 49798 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:22 UTC | 476 | OUT | GET /src/main_code_nw.js HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:23 UTC | 363 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:23 GMT
Content-Type: application/javascript
Content-Length: 8013
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:23 UTC | 8013 | IN | Data Ascii: var makePostRequest = function (url, data, callback) { var httpRequest = new XMLHttpRequest(); if (!httpRequest) { console.log("Giving up :( Cannot create an XMLHTTP instance"); return false; } httpRequest.onreadystatechange = function ()


                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                    51192.168.2.649804167.99.235.203443352C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                    2024-01-16 20:17:23 UTC593OUTGET /appstore-menu/?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&nocache=1705436242502 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:23 UTC | 611 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:23 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Set-Cookie: finishInstallInApp=done; expires=Wed, 15-Jan-2025 20:17:23 GMT; Max-Age=31536000; path=/
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:23 UTC | 15773 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: 1e21{"state":"ok","result":{"html":"<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\"\/>\n <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\"\/>\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0
2024-01-16 20:17:23 UTC | 1516 | IN
                                                                                                                                                                                                                                                                                                    Data Ascii: e();\n img.src = \"\/pixel.gif?\" + str;\n if (typeof cb === \"function\") {\n img.onload = cb; \/\/ callback need to prevent NS_BUIL54cDING_ABORTED error in firefox\n }\n };\n\n var pixelEvent = function (params, cb) {\n wind


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 49800 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:23 UTC | 615 | OUT | GET /appstore-taskbar/?a=notificationsTab&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&nocache=1705436242512 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:23 UTC | 509 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:23 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:23 UTC | 49 | IN | Data Raw: 32 36 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 6e 69 74 22 3a 66 61 6c 73 65 7d 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 26{"state":"ok","result":{"init":false}}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.6 | 49807 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:23 UTC | 663 | OUT | GET /api/api.php?c=front&a=getAttrUserData&p[guid]=4D802742-3099-9C0E-C19B-2A23EA1FC420&p[fields][]=fullname&p[fields][]=email&p[fields][]=firstname&p[fields][]=lastname HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 501 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:24 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: application/json
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:24 UTC | 90 | IN | Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 66 75 6c 6c 6e 61 6d 65 22 3a 22 22 2c 22 65 6d 61 69 6c 22 3a 22 22 2c 22 66 69 72 73 74 6e 61 6d 65 22 3a 22 22 2c 22 6c 61 73 74 6e 61 6d 65 22 3a 22 22 7d 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 4f{"state":"ok","result":{"fullname":"","email":"","firstname":"","lastname":""}}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.6 | 49808 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 602 | OUT | GET /appstore-topbar/?a=init&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&nocache=1705436242666 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    Content-Type: application/json;charset=UTF-8
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:39 UTC | 509 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:39 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:39 UTC | 49 | IN | Data Raw: 32 36 0d 0a 7b 22 73 74 61 74 65 22 3a 22 6f 6b 22 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 6e 69 74 22 3a 66 61 6c 73 65 7d 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 26{"state":"ok","result":{"init":false}}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.6 | 49809 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 784 | OUT | GET /pixel.gif?evt_src=settings&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242441&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:27 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:27 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:27 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.6 | 49802 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 787 | OUT | GET /pixel.gif?evt_src=menu_search&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242444&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:24 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:24 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 49799 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 784 | OUT | GET /pixel.gif?evt_src=fa_offer&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242447&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:24 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:24 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 49813 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 571 | OUT | GET /pcapp/images/3rdparty/avgtuneup_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 675 | IN | HTTP/1.1 200 OK
Date: Tue, 16 Jan 2024 20:17:24 GMT
Content-Type: image/png
Content-Length: 41112
Connection: close
x-amz-id-2: oHcFyuC/celOXo9fkCBspbdPOkhyqK+LKzbn8Nvj7DLbjPx+hK61nHcTygcDx40+8L4Y46Wzn4A=
x-amz-request-id: 25WFYG57Y5XY2405
Last-Modified: Fri, 11 Nov 2022 15:48:20 GMT
ETag: "9a7637d76b8a9dc3d2720bb3e824b425"
x-amz-version-id: Bx_LD5QweKuYPcylVES8PyxNmWkK6isf
X-77-NZT: Alm7sQ83Nzf/f44CAJySO983Nzf/IA4AAA
X-77-NZT-Ray: 49be140862be865854e4a6654a3b9123
X-Accel-Expires: @1706305160
X-Accel-Date: 1705268693
X-77-Cache: HIT
X-77-Age: 171167
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 167551
X-77-POP: newyorkUSNY
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 49810 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 576 | OUT | GET /pcapp/images/3rdparty/msoffice21_bus_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 675 | IN | HTTP/1.1 200 OK
Date: Tue, 16 Jan 2024 20:17:24 GMT
Content-Type: image/png
Content-Length: 15684
Connection: close
x-amz-id-2: apMHpWHVtkBQgm8sjvU78yjWD1D5bLAq1l1KIbf0mWhj5f0Q38B2SRlsDkYpLLU+QqOqfz+mYbQ=
x-amz-request-id: 25W5H7EV28KSN6T8
Last-Modified: Fri, 11 Nov 2022 15:48:26 GMT
ETag: "856084d1bf5fe187fd95d1172a0dac5a"
x-amz-version-id: PtlSp5KCYCnTybJU0k1OCYy7q_JHmUpP
X-77-NZT: Alm7sQ83Nzf/f44CAJySO+I3Nzf/IA4AAA
X-77-NZT-Ray: 49be140805b5bd5854e4a6655e026d24
X-Accel-Expires: @1706305160
X-Accel-Date: 1705268693
X-77-Cache: HIT
X-77-Age: 171167
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 167551
X-77-POP: newyorkUSNY
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 49811 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 577 | OUT | GET /pcapp/images/3rdparty/msoffice21_home_square_logo.png HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: repcdn.pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 687 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:24 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                                                                                                    Content-Length: 16923
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    x-amz-id-2: MOQMM1cVeYRZDsDWHhBD2tcp+WxybMRnaH0188RErgNAJQlkoFPvVriYc4xXFr43wKz89lTATHAC4yoC8XcFRw==
                                                                                                                                                                                                                                                                                                    x-amz-request-id: 25W1V40S0QTWGV3Z
                                                                                                                                                                                                                                                                                                    Last-Modified: Fri, 11 Nov 2022 15:48:28 GMT
                                                                                                                                                                                                                                                                                                    ETag: "6ba0668082147b61b021bc994d8d87c5"
                                                                                                                                                                                                                                                                                                    x-amz-version-id: ubpkpKf2_E2L_4cjhHy3HFlRhmxR.jqC
                                                                                                                                                                                                                                                                                                    X-77-NZT: Alm7sQ83Nzf/f44CAJySO983Nzf/IA4AAA
                                                                                                                                                                                                                                                                                                    X-77-NZT-Ray: 49be1408b3bd9f5854e4a665c7f9fc23
                                                                                                                                                                                                                                                                                                    X-Accel-Expires: @1706305160
                                                                                                                                                                                                                                                                                                    X-Accel-Date: 1705268693
                                                                                                                                                                                                                                                                                                    X-77-Cache: HIT
                                                                                                                                                                                                                                                                                                    X-77-Age: 171167
                                                                                                                                                                                                                                                                                                    Server: CDN77-Turbo
                                                                                                                                                                                                                                                                                                    X-Cache-LB: HIT
                                                                                                                                                                                                                                                                                                    X-Age-LB: 167551
                                                                                                                                                                                                                                                                                                    X-77-POP: newyorkUSNY
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.6 | 49812 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 570 | OUT | GET /pcapp/images/3rdparty/ccleaner_square_logo.png HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: repcdn.pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 687 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:24 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                                                                                                    Content-Length: 11536
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    x-amz-id-2: Jckuv7lJEWWArwwB7OzXZjIwgtRXKmNVHj50gxc4+2CzfQwl7kHjigaLiIqgxTlVMaok8T9+v3RUt3pIIp/UEw==
                                                                                                                                                                                                                                                                                                    x-amz-request-id: 25WEG3P71EQCF4K7
                                                                                                                                                                                                                                                                                                    Last-Modified: Fri, 11 Nov 2022 15:48:21 GMT
                                                                                                                                                                                                                                                                                                    ETag: "7499e6a6fdaa9c56e2e130a9fb4aa4f4"
                                                                                                                                                                                                                                                                                                    x-amz-version-id: .93fBossnL9OX6lv17FRXF.LcGV8viKA
                                                                                                                                                                                                                                                                                                    X-77-NZT: Alm7sQ83Nzf/f44CAJySO983Nzf/IA4AAA
                                                                                                                                                                                                                                                                                                    X-77-NZT-Ray: 49be1408a7cbaa5854e4a66511c43824
                                                                                                                                                                                                                                                                                                    X-Accel-Expires: @1706305493
                                                                                                                                                                                                                                                                                                    X-Accel-Date: 1705268693
                                                                                                                                                                                                                                                                                                    X-77-Cache: HIT
                                                                                                                                                                                                                                                                                                    X-77-Age: 171167
                                                                                                                                                                                                                                                                                                    Server: CDN77-Turbo
                                                                                                                                                                                                                                                                                                    X-Cache-LB: HIT
                                                                                                                                                                                                                                                                                                    X-Age-LB: 167551
                                                                                                                                                                                                                                                                                                    X-77-POP: newyorkUSNY
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.6 | 49815 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 569 | OUT | GET /pcapp/images/3rdparty/fastapp_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 695 | IN | HTTP/1.1 200 OK
Date: Tue, 16 Jan 2024 20:17:24 GMT
Content-Type: image/png
Content-Length: 38797
Connection: close
x-amz-id-2: cHD3aHfxxF0wow6VM2Qfx/0h0/X12r+9TCNVApp06YBzIwTSrswVJaSX14xPTBCytPj0A91g2TZ7uEp9f3Z5JaWM4NZW+fts
x-amz-request-id: 25WAQH9JZH8X1XPE
Last-Modified: Fri, 11 Nov 2022 15:48:23 GMT
ETag: "a415145cbfd63e8774c5daf735ff5941"
x-amz-version-id: pzwyYiC4_z786tONBxVJ6ewozbbk01_I
X-77-NZT: Alm7sQ83Nzf/f44CAJySO983Nzf/IA4AAA
X-77-NZT-Ray: 49be1408a7c8265954e4a665e9fdb325
X-Accel-Expires: @1706305160
X-Accel-Date: 1705268693
X-77-Cache: HIT
X-77-Age: 171167
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 167551
X-77-POP: newyorkUSNY
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.6 | 49814 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 588 | OUT | GET /pcapp/images/3rdparty/msoffice2021_profplus_bind_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:24 UTC | 687 | IN | HTTP/1.1 200 OK
Date: Tue, 16 Jan 2024 20:17:24 GMT
Content-Type: image/png
Content-Length: 15794
Connection: close
x-amz-id-2: BoEaZrOdJxauckFO0GD9SZtWW1lmydy1ZIHbUUecegjyxCiDxPUACzavtm6ULeZmMnnknKF4T+pV0uDIXlRhvQ==
x-amz-request-id: 25W77CYPV576R5J5
Last-Modified: Fri, 18 Nov 2022 17:12:08 GMT
ETag: "fc5f53986e7a9b4d30ee66e3fc7ceabf"
x-amz-version-id: BgXRs8DkmTtlwGZwXMYCMMUdHIks4Szj
X-77-NZT: Alm7sQ83Nzf/f44CAJySO983Nzf/IA4AAA
X-77-NZT-Ray: 49be140857b5455a54e4a665f69b652a
X-Accel-Expires: @1706305160
X-Accel-Date: 1705268693
X-77-Cache: HIT
X-77-Age: 171167
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 167551
X-77-POP: newyorkUSNY
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 49828 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 789 | OUT | GET /pixel.gif?evt_src=fa_menu_store&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242450&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:25 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:25 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:25 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.6 | 49827 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 787 | OUT | GET /pixel.gif?evt_src=main_window&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242453&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:25 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:25 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:25 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.6 | 49829 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 569 | OUT | GET /pcapp/images/3rdparty/avastav_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:25 UTC | 674 | IN | HTTP/1.1 200 OK
Date: Tue, 16 Jan 2024 20:17:25 GMT
Content-Type: image/png
Content-Length: 6329
Connection: close
x-amz-id-2: sAwvJ+Zku4nS77Gt2Xzr3wZ9h28uyGIVoaN7oFtLTUkbNyjA6c9/2Q5s4kQ+ifGLeIGVpi9eL8c=
x-amz-request-id: 25WFDCSKSXMW6755
Last-Modified: Tue, 15 Nov 2022 09:34:59 GMT
ETag: "fdabc248594be4cca54df70e246dd598"
x-amz-version-id: Mn1OuX21IuS5fsrT7YDhirIuwBw5BWjh
X-77-NZT: Alm7sQ83Nzf/gI4CAJySO+I3Nzf/IA4AAA
X-77-NZT-Ray: 49be14083dca5e5e55e4a66598ab4801
X-Accel-Expires: @1706305160
X-Accel-Date: 1705268693
X-77-Cache: HIT
X-77-Age: 171168
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 167552
X-77-POP: newyorkUSNY
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.6 | 49830 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 570 | OUT | GET /pcapp/images/3rdparty/mcafeeav_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:25 UTC | 674 | IN | HTTP/1.1 200 OK
Date: Tue, 16 Jan 2024 20:17:25 GMT
Content-Type: image/png
Content-Length: 3194
Connection: close
x-amz-id-2: ydguezJ9lpkjRh7aOhtEErTv3uUIJLBDU7VvW2KQIn6tc5e9SP6lrp07EnyIWhkL1R+QTmCLTwQ=
x-amz-request-id: 25WEVE6YCKP0AWAQ
Last-Modified: Fri, 11 Nov 2022 15:48:25 GMT
ETag: "69a3f68e28ccec3bdebf85f599636057"
x-amz-version-id: e6c8PXBBRyLJcmpnhK39YnkbO..vCXsl
X-77-NZT: Alm7sQ83Nzf/gI4CAJySO+I3Nzf/IA4AAA
X-77-NZT-Ray: 49be14089cab715e55e4a665d19b8501
X-Accel-Expires: @1706305160
X-Accel-Date: 1705268693
X-77-Cache: HIT
X-77-Age: 171168
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 167552
X-77-POP: newyorkUSNY
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.6 | 49831 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:24 UTC | 570 | OUT | GET /pcapp/images/3rdparty/nortonav_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:25 UTC | 707 | IN | HTTP/1.1 200 OK
Date: Tue, 16 Jan 2024 20:17:25 GMT
Content-Type: image/png
Content-Length: 36503
Connection: close
x-amz-id-2: lDRq9U5TjqQW6qV4aPlkCcxf5Fs32vmQnSxa45xWU+F+ZLDip+sGz3o6wCsKcNGhEoaQtvj5ERLyoDRMAN3CGeqZNpSOaxqJjnt3//WoDHk=
x-amz-request-id: 25W1FP06F7MNXWFH
Last-Modified: Fri, 11 Nov 2022 15:48:31 GMT
ETag: "ff6c3c0e5a054dc275374a5068ea1b44"
x-amz-version-id: xu6cW606tb7Fp1bWcIbNuLxdoIbaqeYV
X-77-NZT: Alm7sQ83NzfvApcCAJySO+I3Nzf/mXsAAA
X-77-NZT-Ray: 49be14085bbd8f5e55e4a665aff41702
X-Accel-Expires: @1706303088
X-Accel-Date: 1705266515
X-77-Cache: HIT
X-77-Age: 201371
Server: CDN77-Turbo
X-Cache-LB: HIT
X-Age-LB: 169730
X-77-POP: newyorkUSNY
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.6 | 49832 | 89.187.177.16 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:25 UTC | 570 | OUT | GET /pcapp/images/3rdparty/avastvpn_square_logo.png HTTP/1.1
Host: repcdn.pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                                                                    2024-01-16 20:17:25 UTC707INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:25 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/png
                                                                                                                                                                                                                                                                                                    Content-Length: 10931
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    x-amz-id-2: bvegYYkS824ybesiaNGLspMsNVN5HTx/1k58bFMSCWTFeu8IR6GU4QtytQNw8ZjbFVaWn966r2/uzuLPY0g/U64XDyhh4QYgKsHj/hCeh7U=
                                                                                                                                                                                                                                                                                                    x-amz-request-id: 25W89NKWCFVM3PGF
                                                                                                                                                                                                                                                                                                    Last-Modified: Fri, 11 Nov 2022 15:48:17 GMT
                                                                                                                                                                                                                                                                                                    ETag: "4312b0b56098f556af63de6279d38762"
                                                                                                                                                                                                                                                                                                    x-amz-version-id: YPHokoLeO.WBh9xfNZa3Am0yv4lVFtoF
                                                                                                                                                                                                                                                                                                    X-77-NZT: Alm7sQ83Nzf/gI4CAJySO+I3Nzf/IA4AAA
                                                                                                                                                                                                                                                                                                    X-77-NZT-Ray: 49be140833a7d15f55e4a665f3e10b07
                                                                                                                                                                                                                                                                                                    X-Accel-Expires: @1706305160
                                                                                                                                                                                                                                                                                                    X-Accel-Date: 1705268693
                                                                                                                                                                                                                                                                                                    X-77-Cache: HIT
                                                                                                                                                                                                                                                                                                    X-77-Age: 171168
                                                                                                                                                                                                                                                                                                    Server: CDN77-Turbo
                                                                                                                                                                                                                                                                                                    X-Cache-LB: HIT
                                                                                                                                                                                                                                                                                                    X-Age-LB: 167552
                                                                                                                                                                                                                                                                                                    X-77-POP: newyorkUSNY
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
2024-01-16 20:17:25 UTC | 10931 | IN | Data Raw: [PNG image data omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.6 | 49833 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:25 UTC | 792 | OUT | GET /pixel.gif?evt_src=fa_notifications&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242456&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:25 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:25 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:25 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.6 | 49801 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:26 UTC | 785 | OUT | GET /pixel.gif?evt_src=fa_topbar&evt_action=created&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436242488&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2024-01-16 20:17:26 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:26 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:26 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                    72192.168.2.649805167.99.235.2034437568C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                    2024-01-16 20:17:26 UTC239OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=windows_created&&eng_time=1705441700877&nocache=5759265 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
2024-01-16 20:17:26 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:26 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:26 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port
73 | 192.168.2.6 | 49835 | 204.79.197.222 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:29 UTC | 462 | OUT | GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1
                                                                                                                                                                                                                                                                                                    Origin: https://www.bing.com
                                                                                                                                                                                                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                                                                                                    Host: fp.msedge.net
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
2024-01-16 20:17:31 UTC | 428 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Cache-Control: public,max-age=900
                                                                                                                                                                                                                                                                                                    Content-Length: 17958
                                                                                                                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                                                                    ETag: "674816515"
                                                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                    Request-Context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309
                                                                                                                                                                                                                                                                                                    X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                                                                                                                    X-MSEdge-Ref: Ref A: 16C76B9823AE40338F138BA1071A29AF Ref B: TEB31EDGE0219 Ref C: 2024-01-16T20:17:29Z
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:30 GMT
                                                                                                                                                                                                                                                                                                    Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.2.6 | 49836 | 173.222.162.64 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:30 UTC | 2257 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                                                                                                                                                                                                                                                                                    Origin: https://www.bing.com
                                                                                                                                                                                                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Accept-Language: en-CH
                                                                                                                                                                                                                                                                                                    Content-type: text/xml
                                                                                                                                                                                                                                                                                                    X-Agent-DeviceId: 01000A410900C4F3
                                                                                                                                                                                                                                                                                                    X-BM-CBT: 1696488253
                                                                                                                                                                                                                                                                                                    X-BM-DateFormat: dd/MM/yyyy
                                                                                                                                                                                                                                                                                                    X-BM-DeviceDimensions: 784x984
                                                                                                                                                                                                                                                                                                    X-BM-DeviceDimensionsLogical: 784x984
                                                                                                                                                                                                                                                                                                    X-BM-DeviceScale: 100
                                                                                                                                                                                                                                                                                                    X-BM-DTZ: 120
                                                                                                                                                                                                                                                                                                    X-BM-Market: CH
                                                                                                                                                                                                                                                                                                    X-BM-Theme: 000000;0078d7
                                                                                                                                                                                                                                                                                                    X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                                                                                                                                                                                                    X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D
                                                                                                                                                                                                                                                                                                    X-Device-isOptin: false
                                                                                                                                                                                                                                                                                                    X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                                                                                                                                                                                                    X-Device-OSSKU: 48
                                                                                                                                                                                                                                                                                                    X-Device-Touch: false
                                                                                                                                                                                                                                                                                                    X-DeviceID: 01000A410900C4F3
X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c
X-MSEdge-ExternalExpType: JointCoord
X-PositionerType: Desktop
X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
X-Search-CortanaAvailableCapabilities: None
X-Search-SafeSearch: Moderate
X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
X-UserAgeClass: Unknown
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: www.bing.com
Content-Length: 1794
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUIDB=81C61E09498D41CC97CDBBA354824ED1
2024-01-16 20:17:30 UTC | 1794 | OUT | Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 38 31 43 36 31 45 30 39 34 39 38 44 34 31 43 43 39 37 43 44 42 42 41 33 35 34 38 32 34 45 44 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 35 31 41 41 38 32 41 45 39 30 43 34 36 36 39 39 46 35 42 31 46 45 33 34 32 42 45 37 45 31 30 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43
Data Ascii: <ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"C
2024-01-16 20:17:30 UTC | 478 | IN | HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: D820206A252442B5893D687CF08D96AC Ref B: LAX311000108019 Ref C: 2024-01-16T20:17:30Z
Date: Tue, 16 Jan 2024 20:17:30 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
X-CDN-TraceID: 0.40a6dc17.1705436250.cd4718


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.6 | 49806 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:30 UTC | 379 | OUT | GET /notify_app_v2.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&lastid=0&lasttime=0&end_v=fa.1060&nocache=5759078 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: pcapp.store
Connection: Keep-Alive
2024-01-16 20:17:31 UTC | 509 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:31 UTC | 12 | IN | Data Raw: 32 0d 0a 23 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2#0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.6 | 49834 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:31 UTC | 418 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=printers_add&printers%5B0%5D=OneNote&printers%5B1%5D=OneNote%20%28Desktop%29&printers%5B2%5D=Microsoft%20XPS%20Document%20Writer&printers%5B3%5D=Microsoft%20Print%20to%20PDF&printers%5B4%5D=Fax&eng_time=1705441700980&nocache=5763765 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:32 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:32 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:32 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.6 | 49837 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:33 UTC | 242 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_product&evt_action=notify_widget_hide&&eng_time=1705441701449&nocache=5769203 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:33 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:33 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:33 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.6 | 49838 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:34 UTC | 235 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=wlanspots&&eng_time=1705441701920&nocache=5770609 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:35 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:35 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:35 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.6 | 49839 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:36 UTC | 1934 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B4%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B4%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B5%5D=0&software%5B0%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B2%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B3%5D=20231005&software%5B4%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B5%5D=0&software%5B6%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&eng_time=1705441703824&nocache=5772015 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:36 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:36 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:36 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.6 | 49840 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:37 UTC | 1877 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BPackageCode%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B0%5D%5BPackageName%5D=C2RInt.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=1760269214&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B4%5D=Microsoft%20Corporation&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B2%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B3%5D=C2RInt.16.msi&software%5B4%5D=Microsoft%20Corporation&software%5B5%5D=16.0.16827.20130&eng_time=1705441703825&nocache=5773515 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:37 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:37 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:37 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.6 | 49803 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:38 UTC | 822 | OUT | GET /pixel.gif?evt_src=fa_menu_store&evt_action=updated&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436244411&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
Host: pcapp.store
Connection: keep-alive
sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: finishInstallInApp=done
2024-01-16 20:17:39 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:39 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:39 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.6 | 49841 | 142.250.65.238 | 443 | 7196 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:38 UTC | 449 | OUT | GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000000EC65046B8 HTTP/1.1
Host: clients1.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
2024-01-16 20:17:39 UTC | 817 | IN | HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-F7ZNsMScTUTRz31G5InH2g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
Content-Security-Policy: script-src 'report-sample' 'nonce-gDhohQcbNfKaOTdIDYqeCA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
Content-Type: text/plain; charset=utf-8
Content-Length: 220
Date: Tue, 16 Jan 2024 20:17:39 GMT
Expires: Tue, 16 Jan 2024 20:17:39 GMT
                                                                                                                                                                                                                                                                                                    Cache-Control: private, max-age=0
                                                                                                                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                                    Server: GSE
                                                                                                                                                                                                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                                    Connection: close
2024-01-16 20:17:39 UTC | 220 | IN | Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 43 41 31 30 39 33 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 43 41 31 30 39 33 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 43 41 31 30 39 33 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 43 41 31 30 39 33 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 43 41 31 30 39 33 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 43 41 31 30 39 33 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 38 33 34 66 32 62 61 30 0a
Data Ascii:
rlzC1: 1C1ONGR_enCA1093
rlzC2: 1C2ONGR_enCA1093
rlzC7: 1C7ONGR_enCA1093
dcc:
set_dcc: C1:1C1ONGR_enCA1093,C2:1C2ONGR_enCA1093,C7:1C7ONGR_enCA1093
events: C1I,C2I,C7I,C1S,C7S
stateful-events: C1I,C2I,C7I
crc32: 834f2ba0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.6 | 49842 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:39 UTC | 1971 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008C-0000-0000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe55.msi&software%5B0%5D%5BPackageCode%5D=%7BB127AD3D-F593-4D9E-9311-2DA2A8221F62%7D&software%5B0%5D%5BPackageName%5D=C2RInt.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=1760269214&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B2%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B2%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B3%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B1%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B2%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B3%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B4%5D=20231005&eng_time=1705441703826&nocache=5774937 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
2024-01-16 20:17:39 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:39 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:39 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.6 | 49843 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:39 UTC | 830 | OUT | GET /pixel.gif?evt_src=fa_menu_store&evt_action=open_start_menu&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436258360&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                                                                    Cookie: finishInstallInApp=done
2024-01-16 20:17:39 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:39 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:39 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.6 | 49844 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:39 UTC | 819 | OUT | GET /pixel.gif?evt_src=fa_menu_store&evt_action=show&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436258887&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                                                                    Cookie: finishInstallInApp=done
2024-01-16 20:17:40 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:39 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:40 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.6 | 49845 | 167.99.235.203 | 443 | 352 | C:\Users\user\PCAppStore\nwjs\NW_store.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:40 UTC | 820 | OUT | GET /pixel.gif?evt_src=fa_menu_store&evt_action=close&guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&ncrd=1705436259333&user-agent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.0.0%20Safari/537.36 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                                                    sec-ch-ua: "Not A(Brand";v="24", "Chromium";v="110"
                                                                                                                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                                    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
                                                                                                                                                                                                                                                                                                    Cookie: finishInstallInApp=done
2024-01-16 20:18:12 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:18:12 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:12 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port
87 | 192.168.2.6 | 49847 | 20.25.241.18 | 443
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:43 UTC | 71 | OUT | Data Ascii: CNT 1 CON 305
MS-CV: evcM9WAUyE6XkF1n.1
Context: 62fd6086bf92561a
2024-01-16 20:17:43 UTC | 249 | OUT | Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-01-16 20:17:43 UTC | 1064 | OUT | Data Ascii: ATH 2 CON\DEVICE 1041
MS-CV: evcM9WAUyE6XkF1n.2
Context: 62fd6086bf92561a
<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
2024-01-16 20:17:43 UTC | 218 | OUT | Data Ascii: BND 3 CON\WNS 0 197
MS-CV: evcM9WAUyE6XkF1n.3
Context: 62fd6086bf92561a
<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-01-16 20:17:43 UTC | 14 | IN | Data Ascii: 202 1 CON 58
2024-01-16 20:17:43 UTC | 58 | IN | Data Ascii: MS-CV: vunXQg1PxEiGiWMJMSOAcA.0
Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.6 | 49848 | 167.99.235.203 | 443 | 5408 | C:\Users\user\PCAppStore\AutoUpdater.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:45 UTC | 395 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_auto_updater&evt_action=start&&nocache=5780015 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
2024-01-16 20:17:45 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:45 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:45 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.6 | 49846 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:47 UTC | 1719 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BPackageCode%5D=%7B7AFC3050-A586-449A-A13B-319B7628DABA%7D&software%5B0%5D%5BPackageName%5D=C2RInt64.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20056&software%5B0%5D%5Bid%5D=2876741644&software%5B1%5D=0&software%5B1%5D=0&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B1%5D=0&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B3%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B1%5D=0&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B3%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B4%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&eng_time=1705441703828&nocache=5776437 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
2024-01-16 20:17:48 UTC | 302 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:17:48 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                    2024-01-16 20:17:48 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.6 | 49849 | 167.99.235.203 | 443 | 5408 | C:\Users\user\PCAppStore\AutoUpdater.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:48 UTC | 356 | OUT | GET /fa_version.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&end_v=fa.1060&nocache=5781671 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: pcapp.store
Connection: Keep-Alive
2024-01-16 20:17:49 UTC | 509 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:49 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Vary: Accept-Encoding
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:49 UTC | 18 | IN | Data Raw: 38 0d 0a 66 61 2e 31 30 35 39 6f 0d 0a 30 0d 0a 0d 0a
Data Ascii: 8fa.1059o0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.6 | 49850 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:49 UTC | 1972 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-00DD-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Extensibility%20Component%2064-bit%20Registration&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe59.msi&software%5B0%5D%5BPackageCode%5D=%7B7AFC3050-A586-449A-A13B-319B7628DABA%7D&software%5B0%5D%5BPackageName%5D=C2RInt64.16.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20056&software%5B0%5D%5Bid%5D=2876741644&software%5B1%5D=C2RInt64.16.msi&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B3%5D=16.0.16827.20056&software%5B1%5D=C2RInt64.16.msi&software%5B2%5D=Microsoft%20Corporation&software%5B3%5D=16.0.16827.20056&software%5B4%5D=2876741644&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B6%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B5%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B6%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B7%5D=%7B90160000-008F-0000-1000-0000000FF1CE%7D&eng_time=1705441703829&nocache=5785125 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:56 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:56 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:56 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.6 | 49851 | 167.99.235.203 | 443 | 5408 | C:\Users\user\PCAppStore\AutoUpdater.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:49 UTC | 393 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_auto_updater&evt_action=end&&nocache=5785140 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: pcapp.store
Connection: Keep-Alive
2024-01-16 20:17:49 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:49 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:49 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.6 | 49852 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:17:58 UTC | 1768 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008F-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B0%5D%5BPackageCode%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B0%5D%5BPackageName%5D=SPPRedist64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=3947252638&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B2%5D=0&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B2%5D=0&software%5B3%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B2%5D=0&software%5B3%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B4%5D=Office%2016%20Click-to-Run%20Licensing%20Component&eng_time=1705441703831&nocache=5793750 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:58 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:58 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:58 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
94          192.168.2.6  49853        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:17:59 UTC1888OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BDescription%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BIdentifyingNumber%5D=%7B90160000-008F-0000-1000-0000000FF1CE%7D&software%5B0%5D%5BInstallDate%5D=20231005&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%20%28x86%29%2FMicrosoft%20Office%2Froot%2FIntegration%2F&software%5B0%5D%5BLanguage%5D=0&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B0%5D%5BName%5D=Office%2016%20Click-to-Run%20Licensing%20Component&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8fe51.msi&software%5B0%5D%5BPackageCode%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B0%5D%5BPackageName%5D=SPPRedist64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=16.0.16827.20130&software%5B0%5D%5Bid%5D=3947252638&software%5B1%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B1%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B2%5D=SPPRedist64.msi&software%5B1%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B2%5D=SPPRedist64.msi&software%5B3%5D=Microsoft%20Corporation&software%5B1%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B2%5D=SPPRedist64.msi&software%5B3%5D=Microsoft%20Corporation&software%5B4%5D=16.0.16827.20130&software%5B1%5D=%7B2221F95F-A0FD-4F01-B25B-B7786FC2B473%7D&software%5B2%5D=SPPRedist64.msi&software%5B3%5D=Microsoft%20Corporation&software%5B4%5D=16.0.16827.20130&software%5B5%5D=3947252638&software
%5B6%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&eng_time=1705441703832&nocache=5795140 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:17:59 UTC  302                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:17:59 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:17:59 UTC  42                 IN         Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
95          192.168.2.6  49854        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:03 UTC1951OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BDescription%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BIdentifyingNumber%5D=%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7Dv14.36.32532%2Fpackages%2FvcRuntimeAdditional_amd64%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B0%5D%5BName%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B0%5D%5BPackageCode%5D=%7BDD2B5EB1-E08E-45CD-8D47-2D0457D64BA3%7D&software%5B0%5D%5BPackageName%5D=vc_runtimeAdditional_x64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=14.36.32532&software%5B0%5D%5Bid%5D=683550624&software%5B1%5D=%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7D&software%5B1%5D=%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7D&software%5B2%5D=20231003&software%5B1%5D=%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7D&software%5B2%5D=20231003&software%5B3%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7Dv14.36.32532%2Fpackages%2FvcRuntimeAdditional_amd64%2F&software%5B1%5D=%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7D&software%5B2%5D=20231003&software%5B3%5D=C%3
A%2FProgramData%2FPackage%20Cache%2F%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7Dv14.36.32532%2Fpackages%2FvcRuntimeAdditional_amd64%2F&software%5B4%5D=1033&eng_time=1705441703834&nocache=5796546 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:04 UTC  302                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:04 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:04 UTC  42                 IN         Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
96          192.168.2.6  49855        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:05 UTC1781OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BDescription%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BIdentifyingNumber%5D=%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7Dv14.36.32532%2Fpackages%2FvcRuntimeAdditional_amd64%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B0%5D%5BName%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B0%5D%5BPackageCode%5D=%7BDD2B5EB1-E08E-45CD-8D47-2D0457D64BA3%7D&software%5B0%5D%5BPackageName%5D=vc_runtimeAdditional_x64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=14.36.32532&software%5B0%5D%5Bid%5D=683550624&software%5B1%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B1%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B1%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B3%5D=%7BDD2B5EB1-E08E-45CD-8D47-2D0457D64BA3%7D&eng_time=1705441
703835&nocache=5800968 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:05 UTC  302                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:05 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:05 UTC  42                 IN         Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port
97          192.168.2.6  49857        52.159.126.152  443
Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:11 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 45 59 72 36 35 38 63 76 63 6b 4f 6b 4a 49 57 6d 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 31 32 64 38 66 36 35 61 35 37 36 39 37 61 34 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: CNT 1 CON 305MS-CV: EYr658cvckOkJIWm.1Context: d12d8f65a57697a4
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:11 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                                                                                                                                                                                                                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:11 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 45 59 72 36 35 38 63 76 63 6b 4f 6b 4a 49 57 6d 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 31 32 64 38 66 36 35 61 35 37 36 39 37 61 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 41 36 43 6f 46 45 73 51 78 33 2b 6a 6d 57 6b 32 2b 64 73 4a 6e 68 53 41 6d 4a 53 51 72 72 67 50 6c 4d 75 34 65 53 54 4a 55 43 2f 46 6e 32 4f 66 51 30 4e 76 37 49 36 6e 55 49 38 62 30 78 4e 35 31 4f 50 74 41 66 43 36 68 2b 50 4f 49 65 6e 7a 49 6b 32 49 52 65 62 71 65 6d 6a 55 70 67 35 39 65 50 36 68 4f 7a 35 52 56 7a 71 52
                                                                                                                                                                                                                                                                                                    Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: EYr658cvckOkJIWm.2Context: d12d8f65a57697a4<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:11 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 45 59 72 36 35 38 63 76 63 6b 4f 6b 4a 49 57 6d 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 31 32 64 38 66 36 35 61 35 37 36 39 37 61 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                                                                                                                                                                                                                    Data Ascii: BND 3 CON\WNS 0 197MS-CV: EYr658cvckOkJIWm.3Context: d12d8f65a57697a4<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:11 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
                                                                                                                                                                                                                                                                                                    Data Ascii: 202 1 CON 58
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:11 UTC58INData Raw: 4d 53 2d 43 56 3a 20 2b 79 46 4f 48 31 71 4e 2f 6b 75 4b 66 78 2b 76 43 33 55 67 30 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
                                                                                                                                                                                                                                                                                                    Data Ascii: MS-CV: +yFOH1qN/kuKfx+vC3Ug0Q.0Payload parsing failed.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.6 | 49856 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:22 UTC1948OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BDescription%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BIdentifyingNumber%5D=%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7B0025DD72-A959-45B5-A0A3-7EFEB15A8050%7Dv14.36.32532%2Fpackages%2FvcRuntimeAdditional_amd64%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B0%5D%5BName%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Additional%20Runtime%20-%2014.36.32532&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b6ab.msi&software%5B0%5D%5BPackageCode%5D=%7BDD2B5EB1-E08E-45CD-8D47-2D0457D64BA3%7D&software%5B0%5D%5BPackageName%5D=vc_runtimeAdditional_x64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=14.36.32532&software%5B0%5D%5Bid%5D=683550624&software%5B1%5D=Microsoft%20Corporation&software%5B1%5D=Microsoft%20Corporation&software%5B2%5D=14.36.32532&software%5B1%5D=Microsoft%20Corporation&software%5B2%5D=14.36.32532&software%5B3%5D=683550624&software%5B4%5D=Java%208%20Update%20381&software%5B4%5D=Java%208%20Update%20381&software%5B5%5D=Java%208%20Update%20381&software%5B4%5D=Java%208%20Update%20381&software%5B5%5D=Java%208%20Update%20381&software%5B6%5D=https%3A%2F%2Fjava.com%2Fhelp&software%5B4%5D=Java%208%20Update%
20381&software%5B5%5D=Java%208%20Update%20381&software%5B6%5D=https%3A%2F%2Fjava.com%2Fhelp&software%5B7%5D=%7B77924AE4-039E-4CA4-87B4-2F32180381F0%7D&eng_time=1705441703836&nocache=5802375 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:22 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:22 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:22 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.6 | 49859 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:23 UTC1868OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Java%208%20Update%20381&software%5B0%5D%5BDescription%5D=Java%208%20Update%20381&software%5B0%5D%5BHelpLink%5D=https%3A%2F%2Fjava.com%2Fhelp&software%5B0%5D%5BIdentifyingNumber%5D=%7B77924AE4-039E-4CA4-87B4-2F32180381F0%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%20%28x86%29%2FJava%2Fjre-1.8%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BName%5D=Java%208%20Update%20381&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BPackageCode%5D=%7B5836130C-94DE-458E-8D8D-3A556054D7B0%7D&software%5B0%5D%5BPackageName%5D=jre1.8.0_381.msi&software%5B0%5D%5BProductID%5D=none&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=https%3A%2F%2Fjava.com&software%5B0%5D%5BURLUpdateInfo%5D=https%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fjava%2Fjavase%2Fdownloads&software%5B0%5D%5BVendor%5D=Oracle%20Corporation&software%5B0%5D%5BVersion%5D=8.0.3810.9&software%5B0%5D%5Bid%5D=4108200906&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FJava%2Fjre-1.8%2F&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FJava%2Fjre-1.8%2F&software%5B2%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B1%5D=C%3A%2FProgram%20Files%20%28x86%29%2FJava%2Fjre-1.8%2F&software%5B2%5D=C%3A%2FUsers%2Fhardz%2FApp
Data%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B3%5D=1033&eng_time=1705441703837&nocache=5819234 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:23 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:23 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:23 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.6 | 49860 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:27 UTC1926OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Java%208%20Update%20381&software%5B0%5D%5BDescription%5D=Java%208%20Update%20381&software%5B0%5D%5BHelpLink%5D=https%3A%2F%2Fjava.com%2Fhelp&software%5B0%5D%5BIdentifyingNumber%5D=%7B77924AE4-039E-4CA4-87B4-2F32180381F0%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%20%28x86%29%2FJava%2Fjre-1.8%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BName%5D=Java%208%20Update%20381&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BPackageCode%5D=%7B5836130C-94DE-458E-8D8D-3A556054D7B0%7D&software%5B0%5D%5BPackageName%5D=jre1.8.0_381.msi&software%5B0%5D%5BProductID%5D=none&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=https%3A%2F%2Fjava.com&software%5B0%5D%5BURLUpdateInfo%5D=https%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fjava%2Fjavase%2Fdownloads&software%5B0%5D%5BVendor%5D=Oracle%20Corporation&software%5B0%5D%5BVersion%5D=8.0.3810.9&software%5B0%5D%5Bid%5D=4108200906&software%5B1%5D=Java%208%20Update%20381&software%5B1%5D=Java%208%20Update%20381&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B1%5D=Java%208%20Update%20381&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B3%5D=%7B5836130C-94DE-458E-8D8D-3A556054D7B0%7D&software%5B1%5D=Java%208%20Update%20381&software%5B2%5D=C%
3A%2FWindows%2FInstaller%2F8b696.msi&software%5B3%5D=%7B5836130C-94DE-458E-8D8D-3A556054D7B0%7D&software%5B4%5D=jre1.8.0_381.msi&eng_time=1705441703839&nocache=5820671 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:28 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:28 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:28 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.6 | 49861 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:29 UTC1866OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Java%208%20Update%20381&software%5B0%5D%5BDescription%5D=Java%208%20Update%20381&software%5B0%5D%5BHelpLink%5D=https%3A%2F%2Fjava.com%2Fhelp&software%5B0%5D%5BIdentifyingNumber%5D=%7B77924AE4-039E-4CA4-87B4-2F32180381F0%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%20%28x86%29%2FJava%2Fjre-1.8%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BName%5D=Java%208%20Update%20381&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BPackageCode%5D=%7B5836130C-94DE-458E-8D8D-3A556054D7B0%7D&software%5B0%5D%5BPackageName%5D=jre1.8.0_381.msi&software%5B0%5D%5BProductID%5D=none&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=https%3A%2F%2Fjava.com&software%5B0%5D%5BURLUpdateInfo%5D=https%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fjava%2Fjavase%2Fdownloads&software%5B0%5D%5BVendor%5D=Oracle%20Corporation&software%5B0%5D%5BVersion%5D=8.0.3810.9&software%5B0%5D%5Bid%5D=4108200906&software%5B1%5D=hardz&software%5B1%5D=hardz&software%5B2%5D=https%3A%2F%2Fjava.com&software%5B1%5D=hardz&software%5B2%5D=https%3A%2F%2Fjava.com&software%5B3%5D=https%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fjava%2Fjavase%2Fdownloads&software%5B1%5D=hardz&software%5B2%5D=https%3A%2F%2Fjava.com&software%5B3%5D=https%3A%2F%2Fwww.oracle.com%2Ftechnetw
ork%2Fjava%2Fjavase%2Fdownloads&software%5B4%5D=Oracle%20Corporation&eng_time=1705441703840&nocache=5825109 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:29 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:29 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:29 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.6 | 49862 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:30 UTC1965OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Java%208%20Update%20381&software%5B0%5D%5BDescription%5D=Java%208%20Update%20381&software%5B0%5D%5BHelpLink%5D=https%3A%2F%2Fjava.com%2Fhelp&software%5B0%5D%5BIdentifyingNumber%5D=%7B77924AE4-039E-4CA4-87B4-2F32180381F0%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%20%28x86%29%2FJava%2Fjre-1.8%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BName%5D=Java%208%20Update%20381&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b696.msi&software%5B0%5D%5BPackageCode%5D=%7B5836130C-94DE-458E-8D8D-3A556054D7B0%7D&software%5B0%5D%5BPackageName%5D=jre1.8.0_381.msi&software%5B0%5D%5BProductID%5D=none&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=https%3A%2F%2Fjava.com&software%5B0%5D%5BURLUpdateInfo%5D=https%3A%2F%2Fwww.oracle.com%2Ftechnetwork%2Fjava%2Fjavase%2Fdownloads&software%5B0%5D%5BVendor%5D=Oracle%20Corporation&software%5B0%5D%5BVersion%5D=8.0.3810.9&software%5B0%5D%5Bid%5D=4108200906&software%5B1%5D=4108200906&software%5B2%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B2%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B3%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B2%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B3%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B4%5D=http%3A%2F%2Fwww.adobe.com%2Fsupport%2Fmain.html&software%5B2%5D=Adob
e%20Acrobat%20%2864-bit%29&software%5B3%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B4%5D=http%3A%2F%2Fwww.adobe.com%2Fsupport%2Fmain.html&software%5B5%5D=%0A%09%09%09&eng_time=1705441703842&nocache=5826531 HTTP/1.1
                                                                                                                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                    User-Agent: WinHTTP 1.0
                                                                                                                                                                                                                                                                                                    Host: pcapp.store
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:31 UTC302INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                    Server: nginx
                                                                                                                                                                                                                                                                                                    Date: Tue, 16 Jan 2024 20:18:30 GMT
                                                                                                                                                                                                                                                                                                    Content-Type: image/gif
                                                                                                                                                                                                                                                                                                    Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:31 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.6 | 49863 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:18:32 UTC | 1861 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BDescription%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BHelpLink%5D=http%3A%2F%2Fwww.adobe.com%2Fsupport%2Fmain.html&software%5B0%5D%5BHelpTelephone%5D=%0A%09%09%09&software%5B0%5D%5BIdentifyingNumber%5D=%7BAC76BA86-1033-1033-7760-BC15014EA700%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%2FAdobe%2FAcrobat%20DC%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%2FCommon%20Files%2FAdobe%2FAcrobat%2FSetup%2F%7BAC76BA86-1033-1033-7760-BC15014EA700%7D%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BName%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BPackageCode%5D=%7B685E6C9F-5FF4-4CA8-B456-415E46939652%7D&software%5B0%5D%5BPackageName%5D=AcroPro.msi&software%5B0%5D%5BProductID%5D=16&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=http%3A%2F%2Fwww.adobe.com&software%5B0%5D%5BURLUpdateInfo%5D=http%3A%2F%2Fhelpx.adobe.com%2Facrobat.html&software%5B0%5D%5BVendor%5D=Adobe&software%5B0%5D%5BVersion%5D=23.006.20320&software%5B0%5D%5Bid%5D=608935337&software%5B1%5D=20231003&software%5B1%5D=20231003&software%5B2%5D=C%3A%2FProgram%20Files%2FAdobe%2FAcrobat%20DC%2F&software%5B1%5D=20231003&software%5B2%5D=C%3A%2FProgram%20Files%2FAdobe%2FAcrobat%20DC%2F&software%5B3%5D=C%3A%2FProgram%20Files%2FCommon%20Files%2FAdobe%2FAcrobat%2FSetup%2F%7BAC76BA86-1033-1033-7760-BC15014EA700%7D%2F&eng_time=1705441703843&nocache=5827953 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:32 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:32 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:32 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.6 | 49864 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:18:36 UTC | 1840 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BDescription%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BHelpLink%5D=http%3A%2F%2Fwww.adobe.com%2Fsupport%2Fmain.html&software%5B0%5D%5BHelpTelephone%5D=%0A%09%09%09&software%5B0%5D%5BIdentifyingNumber%5D=%7BAC76BA86-1033-1033-7760-BC15014EA700%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%2FAdobe%2FAcrobat%20DC%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%2FCommon%20Files%2FAdobe%2FAcrobat%2FSetup%2F%7BAC76BA86-1033-1033-7760-BC15014EA700%7D%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BName%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BPackageCode%5D=%7B685E6C9F-5FF4-4CA8-B456-415E46939652%7D&software%5B0%5D%5BPackageName%5D=AcroPro.msi&software%5B0%5D%5BProductID%5D=16&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=http%3A%2F%2Fwww.adobe.com&software%5B0%5D%5BURLUpdateInfo%5D=http%3A%2F%2Fhelpx.adobe.com%2Facrobat.html&software%5B0%5D%5BVendor%5D=Adobe&software%5B0%5D%5BVersion%5D=23.006.20320&software%5B0%5D%5Bid%5D=608935337&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B2%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B1%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B2%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B3%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&eng_time=1705441703845&nocache=5829343 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:36 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:36 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:36 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.6 | 49865 | 167.99.235.203 | 443 | 7568 | C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp | Bytes transferred | Direction | Data
2024-01-16 20:18:38 UTC | 1954 | OUT | GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BDescription%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BHelpLink%5D=http%3A%2F%2Fwww.adobe.com%2Fsupport%2Fmain.html&software%5B0%5D%5BHelpTelephone%5D=%0A%09%09%09&software%5B0%5D%5BIdentifyingNumber%5D=%7BAC76BA86-1033-1033-7760-BC15014EA700%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%2FAdobe%2FAcrobat%20DC%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%2FCommon%20Files%2FAdobe%2FAcrobat%2FSetup%2F%7BAC76BA86-1033-1033-7760-BC15014EA700%7D%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BName%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BPackageCode%5D=%7B685E6C9F-5FF4-4CA8-B456-415E46939652%7D&software%5B0%5D%5BPackageName%5D=AcroPro.msi&software%5B0%5D%5BProductID%5D=16&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=http%3A%2F%2Fwww.adobe.com&software%5B0%5D%5BURLUpdateInfo%5D=http%3A%2F%2Fhelpx.adobe.com%2Facrobat.html&software%5B0%5D%5BVendor%5D=Adobe&software%5B0%5D%5BVersion%5D=23.006.20320&software%5B0%5D%5Bid%5D=608935337&software%5B1%5D=AcroPro.msi&software%5B1%5D=AcroPro.msi&software%5B2%5D=16&software%5B1%5D=AcroPro.msi&software%5B2%5D=16&software%5B3%5D=hardz&software%5B1%5D=AcroPro.msi&software%5B2%5D=16&software%5B3%5D=hardz&software%5B4%5D=http%3A%2F%2Fwww.adobe.com&software%5B1%5D=AcroPro.msi&software%5B2%5D=16&software%5B3%5D=hardz&software%5B4%5D=http%3A%2F%2Fwww.adobe.com&software%5B5%5D=http%3A%2F%2Fhelpx.adobe.com%2Facrobat.html&eng_time=1705441703847&nocache=5833781 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:38 UTC | 302 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:38 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:38 UTC | 42 | IN | Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                    106192.168.2.649866167.99.235.2034437568C:\Users\user\PCAppStore\PcAppStore.exe
                                                                                                                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:39 UTC1893OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BDescription%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BHelpLink%5D=http%3A%2F%2Fwww.adobe.com%2Fsupport%2Fmain.html&software%5B0%5D%5BHelpTelephone%5D=%0A%09%09%09&software%5B0%5D%5BIdentifyingNumber%5D=%7BAC76BA86-1033-1033-7760-BC15014EA700%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallLocation%5D=C%3A%2FProgram%20Files%2FAdobe%2FAcrobat%20DC%2F&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgram%20Files%2FCommon%20Files%2FAdobe%2FAcrobat%2FSetup%2F%7BAC76BA86-1033-1033-7760-BC15014EA700%7D%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BName%5D=Adobe%20Acrobat%20%2864-bit%29&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b690.msi&software%5B0%5D%5BPackageCode%5D=%7B685E6C9F-5FF4-4CA8-B456-415E46939652%7D&software%5B0%5D%5BPackageName%5D=AcroPro.msi&software%5B0%5D%5BProductID%5D=16&software%5B0%5D%5BRegOwner%5D=hardz&software%5B0%5D%5BURLInfoAbout%5D=http%3A%2F%2Fwww.adobe.com&software%5B0%5D%5BURLUpdateInfo%5D=http%3A%2F%2Fhelpx.adobe.com%2Facrobat.html&software%5B0%5D%5BVendor%5D=Adobe&software%5B0%5D%5BVersion%5D=23.006.20320&software%5B0%5D%5Bid%5D=608935337&software%5B1%5D=23.006.20320&software%5B1%5D=23.006.20320&software%5B2%5D=608935337&software%5B3%5D=&software%5B3%5D=&software%5B4%5D=%7B9AC08E99-230B-47e8-9721-4577B7F124EA%7D&software%5B3%5D=&software%5B4%5D=%7B9AC08E99-230B-47e8-9721-4577B7F124EA%7D&software%5B5%5D=0&
software%5B6%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&eng_time=1705441703849&nocache=5835265 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:39 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:39 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:39 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
107         192.168.2.6  49867        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:41 UTC1931OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BDescription%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BIdentifyingNumber%5D=%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7Dv14.36.32532%2Fpackages%2FvcRuntimeMinimum_amd64%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B0%5D%5BName%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B0%5D%5BPackageCode%5D=%7B4E8C8C37-B448-4BB0-8A8B-F640B3239F71%7D&software%5B0%5D%5BPackageName%5D=vc_runtimeMinimum_x64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=14.36.32532&software%5B0%5D%5Bid%5D=3799061807&software%5B1%5D=%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7D&software%5B1%5D=%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7D&software%5B2%5D=20231003&software%5B1%5D=%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7D&software%5B2%5D=20231003&software%5B3%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7Dv14.36.32532%2Fpackages%2FvcRuntimeMinimum_amd64%2F&software%5B1%5D=%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7D&software%5B2%5D=20231003&software%5B3%5D=C%3A%2FProgramData%2
FPackage%20Cache%2F%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7Dv14.36.32532%2Fpackages%2FvcRuntimeMinimum_amd64%2F&software%5B4%5D=1033&eng_time=1705441703850&nocache=5836750 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:41 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:41 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:41 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port
108         192.168.2.6  49869        52.159.126.152  443
Timestamp  Bytes transferred  Direction  Data
2024-01-16 20:18:47 UTC  71  OUT  Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6e 53 4f 57 55 48 56 6a 37 45 79 5a 74 39 4e 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 32 30 64 33 30 35 37 33 33 33 62 34 37 62 37 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: nSOWUHVj7EyZt9Nk.1Context: 320d3057333b47b7
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:47 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
                                                                                                                                                                                                                                                                                                    Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:47 UTC1064OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6e 53 4f 57 55 48 56 6a 37 45 79 5a 74 39 4e 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 32 30 64 33 30 35 37 33 33 33 62 34 37 62 37 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 57 41 36 43 6f 46 45 73 51 78 33 2b 6a 6d 57 6b 32 2b 64 73 4a 6e 68 53 41 6d 4a 53 51 72 72 67 50 6c 4d 75 34 65 53 54 4a 55 43 2f 46 6e 32 4f 66 51 30 4e 76 37 49 36 6e 55 49 38 62 30 78 4e 35 31 4f 50 74 41 66 43 36 68 2b 50 4f 49 65 6e 7a 49 6b 32 49 52 65 62 71 65 6d 6a 55 70 67 35 39 65 50 36 68 4f 7a 35 52 56 7a 71 52
                                                                                                                                                                                                                                                                                                    Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: nSOWUHVj7EyZt9Nk.2Context: 320d3057333b47b7<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAWA6CoFEsQx3+jmWk2+dsJnhSAmJSQrrgPlMu4eSTJUC/Fn2OfQ0Nv7I6nUI8b0xN51OPtAfC6h+POIenzIk2IRebqemjUpg59eP6hOz5RVzqR
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:47 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6e 53 4f 57 55 48 56 6a 37 45 79 5a 74 39 4e 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 33 32 30 64 33 30 35 37 33 33 33 62 34 37 62 37 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
                                                                                                                                                                                                                                                                                                    Data Ascii: BND 3 CON\WNS 0 197MS-CV: nSOWUHVj7EyZt9Nk.3Context: 320d3057333b47b7<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-01-16 20:18:47 UTC  14  IN  Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-01-16 20:18:47 UTC  58  IN  Data Raw: 4d 53 2d 43 56 3a 20 7a 57 4e 6d 78 54 68 64 55 45 47 53 39 53 52 4b 35 74 64 6d 64 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: zWNmxThdUEGS9SRK5tdmdQ.0Payload parsing failed.


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
109         192.168.2.6  49868        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:49 UTC1758OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BDescription%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BIdentifyingNumber%5D=%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7Dv14.36.32532%2Fpackages%2FvcRuntimeMinimum_amd64%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B0%5D%5BName%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B0%5D%5BPackageCode%5D=%7B4E8C8C37-B448-4BB0-8A8B-F640B3239F71%7D&software%5B0%5D%5BPackageName%5D=vc_runtimeMinimum_x64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=14.36.32532&software%5B0%5D%5Bid%5D=3799061807&software%5B1%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B1%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B1%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B3%5D=%7B4E8C8C37-B448-4BB0-8A8B-F640B3239F71%7D&eng_time=1705441703851&nocache=5838234 
HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:49 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:49 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:49 UTC  42  IN  Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
110         192.168.2.6  49870        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:53 UTC1913OUTGET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BDescription%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BIdentifyingNumber%5D=%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FProgramData%2FPackage%20Cache%2F%7BD5D19E2F-7189-42FE-8103-92CD1FA457C2%7Dv14.36.32532%2Fpackages%2FvcRuntimeMinimum_amd64%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B0%5D%5BName%5D=Microsoft%20Visual%20C%2B%2B%202022%20X64%20Minimum%20Runtime%20-%2014.36.32532&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b6a7.msi&software%5B0%5D%5BPackageCode%5D=%7B4E8C8C37-B448-4BB0-8A8B-F640B3239F71%7D&software%5B0%5D%5BPackageName%5D=vc_runtimeMinimum_x64.msi&software%5B0%5D%5BVendor%5D=Microsoft%20Corporation&software%5B0%5D%5BVersion%5D=14.36.32532&software%5B0%5D%5Bid%5D=3799061807&software%5B1%5D=Microsoft%20Corporation&software%5B1%5D=Microsoft%20Corporation&software%5B2%5D=14.36.32532&software%5B1%5D=Microsoft%20Corporation&software%5B2%5D=14.36.32532&software%5B3%5D=3799061807&software%5B4%5D=Java%20Auto%20Updater&software%5B4%5D=Java%20Auto%20Updater&software%5B5%5D=Java%20Auto%20Updater&software%5B4%5D=Java%20Auto%20Updater&software%5B5%5D=Java%20Auto%20Updater&software%5B6%5D=%7B4A03706F-666A-4037-7777-5F2748764D10%7D&software%5B4%5D=Java%20Auto%20Updater&softwa
re%5B5%5D=Java%20Auto%20Updater&software%5B6%5D=%7B4A03706F-666A-4037-7777-5F2748764D10%7D&software%5B7%5D=20231003&eng_time=1705441703853&nocache=5846812 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:53 UTC  302  IN  HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:53 GMT
Content-Type: image/gif
Content-Length: 42
                                                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                                                    Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
                                                                                                                                                                                                                                                                                                    2024-01-16 20:18:53 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                                    Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
111         192.168.2.6  49871        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:18:57 UTC  1905               OUT        GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Java%20Auto%20Updater&software%5B0%5D%5BDescription%5D=Java%20Auto%20Updater&software%5B0%5D%5BIdentifyingNumber%5D=%7B4A03706F-666A-4037-7777-5F2748764D10%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B0%5D%5BName%5D=Java%20Auto%20Updater&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B0%5D%5BPackageCode%5D=%7B4ABE9B71-B1DF-4AD5-BF73-63598CF20A23%7D&software%5B0%5D%5BPackageName%5D=au.msi&software%5B0%5D%5BVendor%5D=Oracle%20Corporation&software%5B0%5D%5BVersion%5D=2.8.381.9&software%5B0%5D%5Bid%5D=1988474201&software%5B1%5D=1033&software%5B1%5D=1033&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B1%5D=1033&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B3%5D=Java%20Auto%20Updater&software%5B1%5D=1033&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B3%5D=Java%20Auto%20Updater&software%5B4%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B1%5D=1033&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B3%5D=Java%20Auto%20Updater&software%5B4%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B5%5D=%7B4ABE9B71-B1DF-4AD5-BF73-63598CF20A23%7D&software%5B1%5D=1033&software%5B2%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B3%5D=Java%20Auto%20Updater&software%5B4%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B5%5D=%7B4ABE9B71-B1DF-4AD5-BF73-63598CF20A23%7D&software%5B6%5D=au.msi&eng_time=1705441703854&nocache=5850250 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:57 UTC  302                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:57 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:57 UTC  42                 IN         Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
112         192.168.2.6  49872        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:18:58 UTC  1125               OUT        GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=software_add&software%5B0%5D%5BCaption%5D=Java%20Auto%20Updater&software%5B0%5D%5BDescription%5D=Java%20Auto%20Updater&software%5B0%5D%5BIdentifyingNumber%5D=%7B4A03706F-666A-4037-7777-5F2748764D10%7D&software%5B0%5D%5BInstallDate%5D=20231003&software%5B0%5D%5BInstallSource%5D=C%3A%2FUsers%2Fhardz%2FAppData%2FLocalLow%2FOracle%2FJava%2Fjre1.8.0_381%2F&software%5B0%5D%5BLanguage%5D=1033&software%5B0%5D%5BLocalPackage%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B0%5D%5BName%5D=Java%20Auto%20Updater&software%5B0%5D%5BPackageCache%5D=C%3A%2FWindows%2FInstaller%2F8b69a.msi&software%5B0%5D%5BPackageCode%5D=%7B4ABE9B71-B1DF-4AD5-BF73-63598CF20A23%7D&software%5B0%5D%5BPackageName%5D=au.msi&software%5B0%5D%5BVendor%5D=Oracle%20Corporation&software%5B0%5D%5BVersion%5D=2.8.381.9&software%5B0%5D%5Bid%5D=1988474201&software%5B1%5D=2.8.381.9&software%5B1%5D=2.8.381.9&software%5B2%5D=1988474201&eng_time=1705441703855&nocache=5854671 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:18:59 UTC  302                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:18:59 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:18:59 UTC  42                 IN         Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
113         192.168.2.6  49873        167.99.235.203  443               7568  C:\Users\user\PCAppStore\PcAppStore.exe
Timestamp                Bytes transferred  Direction  Data
2024-01-16 20:19:00 UTC  1854               OUT        GET /pixel.gif?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&version=fa.1060&evt_src=fa_pcdetails&evt_action=hardware_add&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B1%5D=GenPrintQueue&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B1%5D=GenPrintQueue&hardware%5B2%5D=Local%20Print%20Queue&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B1%5D=GenPrintQueue&hardware%5B2%5D=Local%20Print%20Queue&hardware%5B3%5D=PRINTQUEUE&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B1%5D=GenPrintQueue&hardware%5B2%5D=Local%20Print%20Queue&hardware%5B3%5D=PRINTQUEUE&hardware%5B4%5D=SWD%2FPRINTENUM%2F%7B46D503C7-B8B7-49A5-8DA2-DCCA61B431A0%7D&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B1%5D=GenPrintQueue&hardware%5B2%5D=Local%20Print%20Queue&hardware%5B3%5D=PRINTQUEUE&hardware%5B4%5D=SWD%2FPRINTENUM%2F%7B46D503C7-B8B7-49A5-8DA2-DCCA61B431A0%7D&hardware%5B5%5D=Local%20Print%20Queue&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B1%5D=GenPrintQueue&hardware%5B2%5D=Local%20Print%20Queue&hardware%5B3%5D=PRINTQUEUE&hardware%5B4%5D=SWD%2FPRINTENUM%2F%7B46D503C7-B8B7-49A5-8DA2-DCCA61B431A0%7D&hardware%5B5%5D=Local%20Print%20Queue&hardware%5B6%5D=20060621000000.%2A%2A%2A%2A%2A%2A%2B%2A%2A%2A&hardware%5B0%5D=%7B1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc%7D&hardware%5B1%5D=GenPrintQueue&hardware%5B2%5D=Local%20Print%20Queue&hardware%5B3%5D=PRINTQUEUE&hardware%5B4%5D=SWD%2FPRINTENUM%2F%7B46D503C7-B8B7-49A5-8DA2-DCCA61B431A0%7D&hardware%5B5%5D=Local%20Print%20Queue&hardware%5B6%5D=20060621000000.%2A%2A%2A%2A%2A%2A%2B%2A%2A%2A&hardware%5B7%5D=Microsoft&eng_time=1705441705064&nocache=5856078 HTTP/1.1
Connection: Keep-Alive
User-Agent: WinHTTP 1.0
Host: pcapp.store
2024-01-16 20:19:00 UTC  302                IN         HTTP/1.1 200 OK
Server: nginx
Date: Tue, 16 Jan 2024 20:19:00 GMT
Content-Type: image/gif
Content-Length: 42
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
2024-01-16 20:19:00 UTC  42                 IN         Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                                                                    Start time:21:15:58
                                                                                                                                                                                                                                                                                                    Start date:16/01/2024
                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\nso7806.exe
                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\nso7806.exe
Imagebase:0x400000
File size:88'750'488 bytes
MD5 hash:0E167B5AEEC155C784C678D42A22E1B9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:5
Start time:21:16:07
Start date:16/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pcapp.store/installing.php?guid=4D802742-3099-9C0E-C19B-2A23EA1FC420&winver=19045&version=fa.1060&nocache=20240116211606.376
Imagebase:0x7ff66e660000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:7
Start time:21:16:08
Start date:16/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:9
Start time:21:16:22
Start date:16/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:10
Start time:21:16:22
Start date:16/01/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1968,i,11758976918255199245,1320992786392413504,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:21:16:44
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\PcAppStore.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Imagebase:0xbf0000
File size:1'859'928 bytes
MD5 hash:A0D255A0293C7775D917EB7BD8F79223
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 42%, ReversingLabs
Reputation:low
Has exited:false

Target ID:13
Start time:21:16:45
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" .\ui\.
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Reputation:low
Has exited:false

Target ID:14
Start time:21:16:47
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2b0,0x2b4,0x2b8,0x28c,0x2bc,0x7ffd83ec9b48,0x7ffd83ec9b58,0x7ffd83ec9b68
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
                                                                                                                                                                                                                                                                                                    Has exited:false

Target ID:15
Start time:21:16:47
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:C:\Users\user\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\pc_app_store\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x1ac,0x1b0,0x1b4,0x184,0x1b8,0x7ff732901da0,0x7ff732901db0,0x7ff732901dc0
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:17
Start time:21:16:48
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:18
Start time:21:16:48
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --mojo-platform-channel-handle=2044 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:19
Start time:21:16:49
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=2080 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:20
Start time:21:16:49
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Users\user\PCAppStore\nwjs\gen" --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1705430483202943 --launch-time-ticks=5726467646 --mojo-platform-channel-handle=2868 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:1
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:21:16:52
Start date:16/01/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff609140000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:22
Start time:21:16:53
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\PcAppStore.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Imagebase:0xbf0000
File size:1'859'928 bytes
MD5 hash:A0D255A0293C7775D917EB7BD8F79223
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:21:16:59
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3716 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:21:16:59
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3032 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:21:17:01
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\PcAppStore.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\PCAppStore\PcAppStore.exe" /init default
Imagebase:0xbf0000
File size:1'859'928 bytes
MD5 hash:A0D255A0293C7775D917EB7BD8F79223
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:21:17:18
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3500 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:21:17:18
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3956 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:21:17:18
Start date:16/01/2024
Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=3968 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
Imagebase:0x7ff732710000
File size:2'491'224 bytes
MD5 hash:AAD2814325B2F176B0D03B827245BF92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:21:17:23
Start date:16/01/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff6416a0000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                                                                                                                                    Start time:21:17:24
                                                                                                                                                                                                                                                                                                    Start date:16/01/2024
                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}
                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff642ec0000
                                                                                                                                                                                                                                                                                                    File size:21'312 bytes
                                                                                                                                                                                                                                                                                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                                                                                                                                    Start time:21:17:24
                                                                                                                                                                                                                                                                                                    Start date:16/01/2024
                                                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\backgroundTaskHost.exe
                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                    Commandline:"C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff623400000
                                                                                                                                                                                                                                                                                                    File size:19'776 bytes
                                                                                                                                                                                                                                                                                                    MD5 hash:DA7063B17DBB8BBB3015351016868006
                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                    Target ID:34
                                                                                                                                                                                                                                                                                                    Start time:21:17:28
                                                                                                                                                                                                                                                                                                    Start date:16/01/2024
                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --mojo-platform-channel-handle=4060 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:8
                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff732710000
                                                                                                                                                                                                                                                                                                    File size:2'491'224 bytes
                                                                                                                                                                                                                                                                                                    MD5 hash:AAD2814325B2F176B0D03B827245BF92
                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                    Target ID:35
                                                                                                                                                                                                                                                                                                    Start time:21:17:43
                                                                                                                                                                                                                                                                                                    Start date:16/01/2024
                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\PCAppStore\AutoUpdater.exe
                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\PCAppStore\AutoUpdater.exe" /i
                                                                                                                                                                                                                                                                                                    Imagebase:0xb00000
                                                                                                                                                                                                                                                                                                    File size:426'840 bytes
                                                                                                                                                                                                                                                                                                    MD5 hash:E94CED8CA1236B3D9D54061C4580B97D
                                                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                                                                    • Detection: 50%, ReversingLabs
                                                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                                                    Target ID:39
                                                                                                                                                                                                                                                                                                    Start time:21:18:48
                                                                                                                                                                                                                                                                                                    Start date:16/01/2024
                                                                                                                                                                                                                                                                                                    Path:C:\Users\user\PCAppStore\nwjs\NW_store.exe
                                                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --start-stack-profiler --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3524 --field-trial-handle=1864,i,5486992231238131248,4809465831021404858,131072 /prefetch:2
                                                                                                                                                                                                                                                                                                    Imagebase:0x7ff732710000
                                                                                                                                                                                                                                                                                                    File size:2'491'224 bytes
                                                                                                                                                                                                                                                                                                    MD5 hash:AAD2814325B2F176B0D03B827245BF92
                                                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                    Has exited:true


                                                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                                                      Execution Coverage:28.5%
                                                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                      Signature Coverage:16.3%
                                                                                                                                                                                                                                                                                                      Total number of Nodes:1394
                                                                                                                                                                                                                                                                                                      Total number of Limit Nodes:50
3498->3496 3498->3501 3499 405f64 CharNextW 3499->3501 3500->3341 3501->3496 3501->3498 3501->3499 3502 406951 CharNextW 3501->3502 3503 406960 CharNextW 3501->3503 3502->3501 3503->3498 3505 405f53 lstrcatW 3504->3505 3506 40362d 3504->3506 3505->3506 3506->3344 3508 406194 GetTickCount GetTempFileNameW 3507->3508 3509 4061ca 3508->3509 3510 40363e 3508->3510 3509->3508 3509->3510 3510->3257 3511->3350 3512->3352 3514 405f91 3513->3514 3515 40313c 3514->3515 3516 405f97 CharPrevW 3514->3516 3517 406668 lstrcpynW 3515->3517 3516->3514 3516->3515 3517->3356 3519 403057 3518->3519 3520 40303f 3518->3520 3522 403067 GetTickCount 3519->3522 3523 40305f 3519->3523 3521 403048 DestroyWindow 3520->3521 3526 40304f 3520->3526 3521->3526 3525 403075 3522->3525 3522->3526 3566 406a71 3523->3566 3527 4030aa CreateDialogParamW ShowWindow 3525->3527 3528 40307d 3525->3528 3526->3361 3526->3377 3551 4035f8 SetFilePointer 3526->3551 3527->3526 3528->3526 3552 403012 3528->3552 3530 40308b wsprintfW 3555 4056ca 3530->3555 3532->3374 3534 403380 SetFilePointer 3533->3534 3535 40339c 3533->3535 3534->3535 3570 403479 GetTickCount 3535->3570 3540 403479 42 API calls 3541 4033d3 3540->3541 3542 40343f ReadFile 3541->3542 3546 4033e2 3541->3546 3547 403439 3541->3547 3542->3547 3544 4061db ReadFile 3544->3546 3546->3544 3546->3547 3585 40620a WriteFile 3546->3585 3547->3377 3549 4061db ReadFile 3548->3549 3550 4035f5 3549->3550 3550->3376 3551->3366 3553 403021 3552->3553 3554 403023 MulDiv 3552->3554 3553->3554 3554->3530 3556 4056e5 3555->3556 3557 405787 3555->3557 3558 405701 lstrlenW 3556->3558 3559 4066a5 17 API calls 3556->3559 3557->3526 3560 40572a 3558->3560 3561 40570f lstrlenW 3558->3561 3559->3558 3562 405730 SetWindowTextW 3560->3562 3563 40573d 3560->3563 3561->3557 3564 405721 lstrcatW 3561->3564 3562->3563 3563->3557 3565 405743 SendMessageW SendMessageW SendMessageW 3563->3565 3564->3560 3565->3557 3567 406a8e PeekMessageW 3566->3567 3568 406a84 DispatchMessageW 
3567->3568 3569 406a9e 3567->3569 3568->3567 3569->3526 3571 4035d1 3570->3571 3572 4034a7 3570->3572 3573 40302e 32 API calls 3571->3573 3587 4035f8 SetFilePointer 3572->3587 3580 4033a3 3573->3580 3575 4034b2 SetFilePointer 3579 4034d7 3575->3579 3576 4035e2 ReadFile 3576->3579 3578 40302e 32 API calls 3578->3579 3579->3576 3579->3578 3579->3580 3581 40620a WriteFile 3579->3581 3582 4035b2 SetFilePointer 3579->3582 3588 406bb0 3579->3588 3580->3547 3583 4061db ReadFile 3580->3583 3581->3579 3582->3571 3584 4033bc 3583->3584 3584->3540 3584->3547 3586 406228 3585->3586 3586->3546 3587->3575 3589 406bd5 3588->3589 3590 406bdd 3588->3590 3589->3579 3590->3589 3591 406c64 GlobalFree 3590->3591 3592 406c6d GlobalAlloc 3590->3592 3593 406ce4 GlobalAlloc 3590->3593 3594 406cdb GlobalFree 3590->3594 3591->3592 3592->3589 3592->3590 3593->3589 3593->3590 3594->3593 3596 404001 3595->3596 3617 4065af wsprintfW 3596->3617 3598 404072 3618 4040a6 3598->3618 3600 403da2 3600->3391 3601 404077 3601->3600 3602 4066a5 17 API calls 3601->3602 3602->3601 3621 404610 3603->3621 3605 404610 SendMessageW 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3608 4057e7 3606->3608 3624 401389 3606->3624 3607->3423 3608->3605 3610->3387 3628 4064d5 3611->3628 3614 403d73 3614->3386 3614->3388 3615 40656a RegQueryValueExW RegCloseKey 3615->3614 3616->3393 3617->3598 3619 4066a5 17 API calls 3618->3619 3620 4040b4 SetWindowTextW 3619->3620 3620->3601 3622 404628 3621->3622 3623 404619 SendMessageW 3621->3623 3622->3606 3623->3622 3626 401390 3624->3626 3625 4013fe 3625->3606 3626->3625 3627 4013cb MulDiv SendMessageW 3626->3627 3627->3626 3629 4064e4 3628->3629 3630 4064e8 3629->3630 3631 4064ed RegOpenKeyExW 3629->3631 3630->3614 3630->3615 3631->3630 3632->3437 3634 405fff 3633->3634 3638 406011 3633->3638 3636 40600c CharNextW 3634->3636 3634->3638 3635 406035 3635->3440 3635->3441 3636->3635 3637 405f64 CharNextW 3637->3638 3638->3635 3638->3637 3640 4069b4 FindClose 3639->3640 3641 
4069bf 3639->3641 3640->3641 3641->3447 3642->3465 3643->3465 3644->3467 3646 406304 GetShortPathNameW 3645->3646 3647 4062de 3645->3647 3649 406423 3646->3649 3650 406319 3646->3650 3672 406158 GetFileAttributesW CreateFileW 3647->3672 3649->3482 3650->3649 3652 406321 wsprintfA 3650->3652 3651 4062e8 CloseHandle GetShortPathNameW 3651->3649 3653 4062fc 3651->3653 3654 4066a5 17 API calls 3652->3654 3653->3646 3653->3649 3655 406349 3654->3655 3673 406158 GetFileAttributesW CreateFileW 3655->3673 3657 406356 3657->3649 3658 406365 GetFileSize GlobalAlloc 3657->3658 3659 406387 3658->3659 3660 40641c CloseHandle 3658->3660 3661 4061db ReadFile 3659->3661 3660->3649 3662 40638f 3661->3662 3662->3660 3674 4060bd lstrlenA 3662->3674 3665 4063a6 lstrcpyA 3668 4063c8 3665->3668 3666 4063ba 3667 4060bd 4 API calls 3666->3667 3667->3668 3669 4063ff SetFilePointer 3668->3669 3670 40620a WriteFile 3669->3670 3671 406415 GlobalFree 3670->3671 3671->3660 3672->3651 3673->3657 3675 4060fe lstrlenA 3674->3675 3676 4060d7 lstrcmpiA 3675->3676 3678 406106 3675->3678 3677 4060f5 CharNextA 3676->3677 3676->3678 3677->3675 3678->3665 3678->3666 3679 4015c1 3698 402da6 3679->3698 3682 405fe2 4 API calls 3694 4015d1 3682->3694 3683 401631 3684 401663 3683->3684 3685 401636 3683->3685 3689 401423 24 API calls 3684->3689 3704 401423 3685->3704 3686 405f64 CharNextW 3686->3694 3695 40165b 3689->3695 3691 405c16 2 API calls 3691->3694 3692 405c33 5 API calls 3692->3694 3693 40164a SetCurrentDirectoryW 3693->3695 3694->3683 3694->3686 3694->3691 3694->3692 3696 401617 GetFileAttributesW 3694->3696 3697 405b99 4 API calls 3694->3697 3696->3694 3697->3694 3699 402db2 3698->3699 3700 4066a5 17 API calls 3699->3700 3701 402dd3 3700->3701 3702 4015c8 3701->3702 3703 4068ef 5 API calls 3701->3703 3702->3682 3703->3702 3705 4056ca 24 API calls 3704->3705 3706 401431 3705->3706 3707 406668 lstrcpynW 3706->3707 3707->3693 3708 401941 3709 401943 3708->3709 3710 402da6 17 API calls 3709->3710 3711 
401948 3710->3711 3714 405d74 3711->3714 3715 40603f 18 API calls 3714->3715 3716 405d94 3715->3716 3717 405d9c DeleteFileW 3716->3717 3718 405db3 3716->3718 3722 401951 3717->3722 3719 405ed3 3718->3719 3750 406668 lstrcpynW 3718->3750 3719->3722 3726 40699e 2 API calls 3719->3726 3721 405dd9 3723 405dec 3721->3723 3724 405ddf lstrcatW 3721->3724 3725 405f83 2 API calls 3723->3725 3727 405df2 3724->3727 3725->3727 3729 405ef8 3726->3729 3728 405e02 lstrcatW 3727->3728 3730 405e0d lstrlenW FindFirstFileW 3727->3730 3728->3730 3729->3722 3731 405f37 3 API calls 3729->3731 3730->3719 3748 405e2f 3730->3748 3732 405f02 3731->3732 3734 405d2c 5 API calls 3732->3734 3733 405eb6 FindNextFileW 3737 405ecc FindClose 3733->3737 3733->3748 3736 405f0e 3734->3736 3738 405f12 3736->3738 3739 405f28 3736->3739 3737->3719 3738->3722 3742 4056ca 24 API calls 3738->3742 3741 4056ca 24 API calls 3739->3741 3741->3722 3744 405f1f 3742->3744 3743 405d74 60 API calls 3743->3748 3746 406428 36 API calls 3744->3746 3745 4056ca 24 API calls 3745->3733 3746->3722 3747 4056ca 24 API calls 3747->3748 3748->3733 3748->3743 3748->3745 3748->3747 3749 406428 36 API calls 3748->3749 3751 406668 lstrcpynW 3748->3751 3752 405d2c 3748->3752 3749->3748 3750->3721 3751->3748 3760 406133 GetFileAttributesW 3752->3760 3755 405d47 RemoveDirectoryW 3758 405d55 3755->3758 3756 405d4f DeleteFileW 3756->3758 3757 405d59 3757->3748 3758->3757 3759 405d65 SetFileAttributesW 3758->3759 3759->3757 3761 405d38 3760->3761 3762 406145 SetFileAttributesW 3760->3762 3761->3755 3761->3756 3761->3757 3762->3761 3777 401c43 3778 402d84 17 API calls 3777->3778 3779 401c4a 3778->3779 3780 402d84 17 API calls 3779->3780 3781 401c57 3780->3781 3782 402da6 17 API calls 3781->3782 3783 401c6c 3781->3783 3782->3783 3784 401c7c 3783->3784 3785 402da6 17 API calls 3783->3785 3786 401cd3 3784->3786 3787 401c87 3784->3787 3785->3784 3789 402da6 17 API calls 3786->3789 3788 402d84 17 API calls 3787->3788 3791 401c8c 3788->3791 
3790 401cd8 3789->3790 3792 402da6 17 API calls 3790->3792 3793 402d84 17 API calls 3791->3793 3794 401ce1 FindWindowExW 3792->3794 3795 401c98 3793->3795 3798 401d03 3794->3798 3796 401cc3 SendMessageW 3795->3796 3797 401ca5 SendMessageTimeoutW 3795->3797 3796->3798 3797->3798 4219 4028c4 4220 4028ca 4219->4220 4221 4028d2 FindClose 4220->4221 4222 402c2a 4220->4222 4221->4222 3820 4040c5 3821 4040dd 3820->3821 3822 40423e 3820->3822 3821->3822 3823 4040e9 3821->3823 3824 40424f GetDlgItem GetDlgItem 3822->3824 3829 40428f 3822->3829 3826 4040f4 SetWindowPos 3823->3826 3827 404107 3823->3827 3828 4045c4 18 API calls 3824->3828 3825 4042e9 3830 404610 SendMessageW 3825->3830 3838 404239 3825->3838 3826->3827 3831 404110 ShowWindow 3827->3831 3832 404152 3827->3832 3833 404279 SetClassLongW 3828->3833 3829->3825 3837 401389 2 API calls 3829->3837 3860 4042fb 3830->3860 3839 404130 GetWindowLongW 3831->3839 3840 4041fc 3831->3840 3834 404171 3832->3834 3835 40415a DestroyWindow 3832->3835 3836 40140b 2 API calls 3833->3836 3842 404176 SetWindowLongW 3834->3842 3843 404187 3834->3843 3841 40454d 3835->3841 3836->3829 3844 4042c1 3837->3844 3839->3840 3846 404149 ShowWindow 3839->3846 3900 40462b 3840->3900 3841->3838 3853 40457e ShowWindow 3841->3853 3842->3838 3843->3840 3847 404193 GetDlgItem 3843->3847 3844->3825 3848 4042c5 SendMessageW 3844->3848 3846->3832 3851 4041c1 3847->3851 3852 4041a4 SendMessageW IsWindowEnabled 3847->3852 3848->3838 3849 40140b 2 API calls 3849->3860 3850 40454f DestroyWindow KiUserCallbackDispatcher 3850->3841 3855 4041ce 3851->3855 3858 404215 SendMessageW 3851->3858 3859 4041e1 3851->3859 3865 4041c6 3851->3865 3852->3838 3852->3851 3853->3838 3854 4066a5 17 API calls 3854->3860 3855->3858 3855->3865 3857 4045c4 18 API calls 3857->3860 3858->3840 3861 4041e9 3859->3861 3862 4041fe 3859->3862 3860->3838 3860->3849 3860->3850 3860->3854 3860->3857 3882 40448f DestroyWindow 3860->3882 3891 4045c4 3860->3891 3864 40140b 2 API calls 
3861->3864 3863 40140b 2 API calls 3862->3863 3863->3865 3864->3865 3865->3840 3897 40459d 3865->3897 3867 404376 GetDlgItem 3868 404393 ShowWindow KiUserCallbackDispatcher 3867->3868 3869 40438b 3867->3869 3894 4045e6 KiUserCallbackDispatcher 3868->3894 3869->3868 3871 4043bd KiUserCallbackDispatcher 3876 4043d1 3871->3876 3872 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3873 404406 SendMessageW 3872->3873 3872->3876 3873->3876 3875 4040a6 18 API calls 3875->3876 3876->3872 3876->3875 3895 4045f9 SendMessageW 3876->3895 3896 406668 lstrcpynW 3876->3896 3878 404435 lstrlenW 3879 4066a5 17 API calls 3878->3879 3880 40444b SetWindowTextW 3879->3880 3881 401389 2 API calls 3880->3881 3881->3860 3882->3841 3883 4044a9 CreateDialogParamW 3882->3883 3883->3841 3884 4044dc 3883->3884 3885 4045c4 18 API calls 3884->3885 3886 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3885->3886 3887 401389 2 API calls 3886->3887 3888 40452d 3887->3888 3888->3838 3889 404535 ShowWindow 3888->3889 3890 404610 SendMessageW 3889->3890 3890->3841 3892 4066a5 17 API calls 3891->3892 3893 4045cf SetDlgItemTextW 3892->3893 3893->3867 3894->3871 3895->3876 3896->3878 3898 4045a4 3897->3898 3899 4045aa SendMessageW 3897->3899 3898->3899 3899->3840 3901 4046ee 3900->3901 3902 404643 GetWindowLongW 3900->3902 3901->3838 3902->3901 3903 404658 3902->3903 3903->3901 3904 404685 GetSysColor 3903->3904 3905 404688 3903->3905 3904->3905 3906 404698 SetBkMode 3905->3906 3907 40468e SetTextColor 3905->3907 3908 4046b0 GetSysColor 3906->3908 3909 4046b6 3906->3909 3907->3906 3908->3909 3910 4046c7 3909->3910 3911 4046bd SetBkColor 3909->3911 3910->3901 3912 4046e1 CreateBrushIndirect 3910->3912 3913 4046da DeleteObject 3910->3913 3911->3910 3912->3901 3913->3912 4226 4016cc 4227 402da6 17 API calls 4226->4227 4228 4016d2 GetFullPathNameW 4227->4228 4229 4016ec 4228->4229 4235 40170e 4228->4235 4231 40699e 2 API calls 4229->4231 4229->4235 4230 401723 GetShortPathNameW 4232 402c2a 
4230->4232 4233 4016fe 4231->4233 4233->4235 4236 406668 lstrcpynW 4233->4236 4235->4230 4235->4232 4236->4235 4237 401e4e GetDC 4238 402d84 17 API calls 4237->4238 4239 401e60 GetDeviceCaps MulDiv ReleaseDC 4238->4239 4240 402d84 17 API calls 4239->4240 4241 401e91 4240->4241 4242 4066a5 17 API calls 4241->4242 4243 401ece CreateFontIndirectW 4242->4243 4244 402638 4243->4244 4244->4244 4245 402950 4246 402da6 17 API calls 4245->4246 4248 40295c 4246->4248 4247 402972 4250 406133 2 API calls 4247->4250 4248->4247 4249 402da6 17 API calls 4248->4249 4249->4247 4251 402978 4250->4251 4273 406158 GetFileAttributesW CreateFileW 4251->4273 4253 402985 4254 402a3b 4253->4254 4255 4029a0 GlobalAlloc 4253->4255 4256 402a23 4253->4256 4257 402a42 DeleteFileW 4254->4257 4258 402a55 4254->4258 4255->4256 4259 4029b9 4255->4259 4260 403371 44 API calls 4256->4260 4257->4258 4274 4035f8 SetFilePointer 4259->4274 4262 402a30 CloseHandle 4260->4262 4262->4254 4263 4029bf 4264 4035e2 ReadFile 4263->4264 4265 4029c8 GlobalAlloc 4264->4265 4266 4029d8 4265->4266 4267 402a0c 4265->4267 4268 403371 44 API calls 4266->4268 4269 40620a WriteFile 4267->4269 4272 4029e5 4268->4272 4270 402a18 GlobalFree 4269->4270 4270->4256 4271 402a03 GlobalFree 4271->4267 4272->4271 4273->4253 4274->4263 4282 403cd5 4283 403ce0 4282->4283 4284 403ce4 4283->4284 4285 403ce7 GlobalAlloc 4283->4285 4285->4284 4286 401956 4287 402da6 17 API calls 4286->4287 4288 40195d lstrlenW 4287->4288 4289 402638 4288->4289 4131 4014d7 4132 402d84 17 API calls 4131->4132 4133 4014dd Sleep 4132->4133 4135 402c2a 4133->4135 4136 4020d8 4137 4020ea 4136->4137 4147 40219c 4136->4147 4138 402da6 17 API calls 4137->4138 4139 4020f1 4138->4139 4141 402da6 17 API calls 4139->4141 4140 401423 24 API calls 4143 4022f6 4140->4143 4142 4020fa 4141->4142 4144 402110 LoadLibraryExW 4142->4144 4145 402102 GetModuleHandleW 4142->4145 4146 402121 4144->4146 4144->4147 4145->4144 4145->4146 4158 406aa4 4146->4158 4147->4140 4150 402132 
4152 402151 KiUserCallbackDispatcher 4150->4152 4153 40213a 4150->4153 4151 40216b 4154 4056ca 24 API calls 4151->4154 4156 402142 4152->4156 4155 401423 24 API calls 4153->4155 4154->4156 4155->4156 4156->4143 4157 40218e FreeLibrary 4156->4157 4157->4143 4163 40668a WideCharToMultiByte 4158->4163 4160 406ac1 4161 406ac8 GetProcAddress 4160->4161 4162 40212c 4160->4162 4161->4162 4162->4150 4162->4151 4163->4160 4290 402b59 4291 402b60 4290->4291 4292 402bab 4290->4292 4294 402ba9 4291->4294 4296 402d84 17 API calls 4291->4296 4293 406a35 5 API calls 4292->4293 4295 402bb2 4293->4295 4297 402da6 17 API calls 4295->4297 4298 402b6e 4296->4298 4299 402bbb 4297->4299 4300 402d84 17 API calls 4298->4300 4299->4294 4301 402bbf IIDFromString 4299->4301 4303 402b7a 4300->4303 4301->4294 4302 402bce 4301->4302 4302->4294 4308 406668 lstrcpynW 4302->4308 4307 4065af wsprintfW 4303->4307 4306 402beb CoTaskMemFree 4306->4294 4307->4294 4308->4306 4309 402a5b 4310 402d84 17 API calls 4309->4310 4311 402a61 4310->4311 4312 402aa4 4311->4312 4313 402a88 4311->4313 4318 40292e 4311->4318 4315 402abe 4312->4315 4316 402aae 4312->4316 4314 402a8d 4313->4314 4322 402a9e 4313->4322 4323 406668 lstrcpynW 4314->4323 4317 4066a5 17 API calls 4315->4317 4319 402d84 17 API calls 4316->4319 4317->4322 4319->4322 4322->4318 4324 4065af wsprintfW 4322->4324 4323->4318 4324->4318 4187 40175c 4188 402da6 17 API calls 4187->4188 4189 401763 4188->4189 4190 406187 2 API calls 4189->4190 4191 40176a 4190->4191 4192 406187 2 API calls 4191->4192 4192->4191 4325 401d5d 4326 402d84 17 API calls 4325->4326 4327 401d6e SetWindowLongW 4326->4327 4328 402c2a 4327->4328 4193 401ede 4194 402d84 17 API calls 4193->4194 4195 401ee4 4194->4195 4196 402d84 17 API calls 4195->4196 4197 401ef0 4196->4197 4198 401f07 EnableWindow 4197->4198 4199 401efc ShowWindow 4197->4199 4200 402c2a 4198->4200 4199->4200 4329 4028de 4330 4028e6 4329->4330 4331 4028ea FindNextFileW 4330->4331 4334 4028fc 4330->4334 4332 
402943 4331->4332 4331->4334 4335 406668 lstrcpynW 4332->4335 4335->4334 4336 406d5f 4342 406be3 4336->4342 4337 40754e 4338 406c64 GlobalFree 4339 406c6d GlobalAlloc 4338->4339 4339->4337 4339->4342 4340 406ce4 GlobalAlloc 4340->4337 4340->4342 4341 406cdb GlobalFree 4341->4340 4342->4337 4342->4338 4342->4339 4342->4340 4342->4341 4343 401563 4344 402ba4 4343->4344 4347 4065af wsprintfW 4344->4347 4346 402ba9 4347->4346 4348 401968 4349 402d84 17 API calls 4348->4349 4350 40196f 4349->4350 4351 402d84 17 API calls 4350->4351 4352 40197c 4351->4352 4353 402da6 17 API calls 4352->4353 4354 401993 lstrlenW 4353->4354 4356 4019a4 4354->4356 4355 4019e5 4356->4355 4360 406668 lstrcpynW 4356->4360 4358 4019d5 4358->4355 4359 4019da lstrlenW 4358->4359 4359->4355 4360->4358 4368 40166a 4369 402da6 17 API calls 4368->4369 4370 401670 4369->4370 4371 40699e 2 API calls 4370->4371 4372 401676 4371->4372 4373 402aeb 4374 402d84 17 API calls 4373->4374 4375 402af1 4374->4375 4376 40292e 4375->4376 4377 4066a5 17 API calls 4375->4377 4377->4376 4037 4026ec 4038 402d84 17 API calls 4037->4038 4043 4026fb 4038->4043 4039 402745 ReadFile 4039->4043 4050 402838 4039->4050 4040 4027de 4040->4043 4040->4050 4051 406239 SetFilePointer 4040->4051 4041 4061db ReadFile 4041->4043 4043->4039 4043->4040 4043->4041 4044 402785 MultiByteToWideChar 4043->4044 4045 40283a 4043->4045 4047 4027ab SetFilePointer MultiByteToWideChar 4043->4047 4048 40284b 4043->4048 4043->4050 4044->4043 4060 4065af wsprintfW 4045->4060 4047->4043 4049 40286c SetFilePointer 4048->4049 4048->4050 4049->4050 4052 406255 4051->4052 4055 40626d 4051->4055 4053 4061db ReadFile 4052->4053 4054 406261 4053->4054 4054->4055 4056 406276 SetFilePointer 4054->4056 4057 40629e SetFilePointer 4054->4057 4055->4040 4056->4057 4058 406281 4056->4058 4057->4055 4059 40620a WriteFile 4058->4059 4059->4055 4060->4050 4378 404a6e 4379 404aa4 4378->4379 4380 404a7e 4378->4380 4382 40462b 8 API calls 4379->4382 4381 4045c4 18 API 
calls 4380->4381 4383 404a8b SetDlgItemTextW 4381->4383 4384 404ab0 4382->4384 4383->4379 4062 40176f 4063 402da6 17 API calls 4062->4063 4064 401776 4063->4064 4065 401796 4064->4065 4066 40179e 4064->4066 4101 406668 lstrcpynW 4065->4101 4102 406668 lstrcpynW 4066->4102 4069 40179c 4073 4068ef 5 API calls 4069->4073 4070 4017a9 4071 405f37 3 API calls 4070->4071 4072 4017af lstrcatW 4071->4072 4072->4069 4093 4017bb 4073->4093 4074 40699e 2 API calls 4074->4093 4075 406133 2 API calls 4075->4093 4077 4017cd CompareFileTime 4077->4093 4078 40188d 4080 4056ca 24 API calls 4078->4080 4079 401864 4081 4056ca 24 API calls 4079->4081 4089 401879 4079->4089 4082 401897 4080->4082 4081->4089 4083 403371 44 API calls 4082->4083 4084 4018aa 4083->4084 4085 4018be SetFileTime 4084->4085 4086 4018d0 FindCloseChangeNotification 4084->4086 4085->4086 4088 4018e1 4086->4088 4086->4089 4087 4066a5 17 API calls 4087->4093 4091 4018e6 4088->4091 4092 4018f9 4088->4092 4090 406668 lstrcpynW 4090->4093 4094 4066a5 17 API calls 4091->4094 4095 4066a5 17 API calls 4092->4095 4093->4074 4093->4075 4093->4077 4093->4078 4093->4079 4093->4087 4093->4090 4096 405cc8 MessageBoxIndirectW 4093->4096 4100 406158 GetFileAttributesW CreateFileW 4093->4100 4097 4018ee lstrcatW 4094->4097 4098 401901 4095->4098 4096->4093 4097->4098 4099 405cc8 MessageBoxIndirectW 4098->4099 4099->4089 4100->4093 4101->4069 4102->4070 4385 401a72 4386 402d84 17 API calls 4385->4386 4387 401a7b 4386->4387 4388 402d84 17 API calls 4387->4388 4389 401a20 4388->4389 4390 401573 4391 401583 ShowWindow 4390->4391 4392 40158c 4390->4392 4391->4392 4393 402c2a 4392->4393 4394 40159a ShowWindow 4392->4394 4394->4393 4395 4023f4 4396 402da6 17 API calls 4395->4396 4397 402403 4396->4397 4398 402da6 17 API calls 4397->4398 4399 40240c 4398->4399 4400 402da6 17 API calls 4399->4400 4401 402416 GetPrivateProfileStringW 4400->4401 4402 4014f5 SetForegroundWindow 4403 402c2a 4402->4403 4404 401ff6 4405 402da6 17 API calls 
4404->4405 4406 401ffd 4405->4406 4407 40699e 2 API calls 4406->4407 4408 402003 4407->4408 4410 402014 4408->4410 4411 4065af wsprintfW 4408->4411 4411->4410 4412 401b77 4413 402da6 17 API calls 4412->4413 4414 401b7e 4413->4414 4415 402d84 17 API calls 4414->4415 4416 401b87 wsprintfW 4415->4416 4417 402c2a 4416->4417 4418 4046fa lstrcpynW lstrlenW 4419 40167b 4420 402da6 17 API calls 4419->4420 4421 401682 4420->4421 4422 402da6 17 API calls 4421->4422 4423 40168b 4422->4423 4424 402da6 17 API calls 4423->4424 4425 401694 MoveFileW 4424->4425 4426 4016a0 4425->4426 4427 4016a7 4425->4427 4429 401423 24 API calls 4426->4429 4428 40699e 2 API calls 4427->4428 4431 4022f6 4427->4431 4430 4016b6 4428->4430 4429->4431 4430->4431 4432 406428 36 API calls 4430->4432 4432->4426 4440 4019ff 4441 402da6 17 API calls 4440->4441 4442 401a06 4441->4442 4443 402da6 17 API calls 4442->4443 4444 401a0f 4443->4444 4445 401a16 lstrcmpiW 4444->4445 4446 401a28 lstrcmpW 4444->4446 4447 401a1c 4445->4447 4446->4447 4448 4022ff 4449 402da6 17 API calls 4448->4449 4450 402305 4449->4450 4451 402da6 17 API calls 4450->4451 4452 40230e 4451->4452 4453 402da6 17 API calls 4452->4453 4454 402317 4453->4454 4455 40699e 2 API calls 4454->4455 4456 402320 4455->4456 4457 402331 lstrlenW lstrlenW 4456->4457 4461 402324 4456->4461 4459 4056ca 24 API calls 4457->4459 4458 4056ca 24 API calls 4462 40232c 4458->4462 4460 40236f SHFileOperationW 4459->4460 4460->4461 4460->4462 4461->4458 4461->4462 4463 401000 4464 401037 BeginPaint GetClientRect 4463->4464 4465 40100c DefWindowProcW 4463->4465 4467 4010f3 4464->4467 4468 401179 4465->4468 4469 401073 CreateBrushIndirect FillRect DeleteObject 4467->4469 4470 4010fc 4467->4470 4469->4467 4471 401102 CreateFontIndirectW 4470->4471 4472 401167 EndPaint 4470->4472 4471->4472 4473 401112 6 API calls 4471->4473 4472->4468 4473->4472 3763 401d81 3764 401d94 GetDlgItem 3763->3764 3765 401d87 3763->3765 3766 401d8e 3764->3766 3774 402d84 3765->3774 3768 
401dd5 GetClientRect LoadImageW SendMessageW 3766->3768 3769 402da6 17 API calls 3766->3769 3771 401e33 3768->3771 3773 401e3f 3768->3773 3769->3768 3772 401e38 DeleteObject 3771->3772 3771->3773 3772->3773 3775 4066a5 17 API calls 3774->3775 3776 402d99 3775->3776 3776->3766 4474 401503 4475 40150b 4474->4475 4477 40151e 4474->4477 4476 402d84 17 API calls 4475->4476 4476->4477 4478 404783 4479 4048b5 4478->4479 4480 40479b 4478->4480 4481 40491f 4479->4481 4485 4049e9 4479->4485 4488 4048f0 GetDlgItem SendMessageW 4479->4488 4484 4045c4 18 API calls 4480->4484 4482 404929 GetDlgItem 4481->4482 4481->4485 4483 4049aa 4482->4483 4487 404943 4482->4487 4483->4485 4492 4049bc 4483->4492 4489 404802 4484->4489 4486 40462b 8 API calls 4485->4486 4490 4049e4 4486->4490 4487->4483 4491 404969 SendMessageW LoadCursorW SetCursor 4487->4491 4511 4045e6 KiUserCallbackDispatcher 4488->4511 4494 4045c4 18 API calls 4489->4494 4515 404a32 4491->4515 4497 4049d2 4492->4497 4498 4049c2 SendMessageW 4492->4498 4495 40480f CheckDlgButton 4494->4495 4509 4045e6 KiUserCallbackDispatcher 4495->4509 4497->4490 4502 4049d8 SendMessageW 4497->4502 4498->4497 4499 40491a 4512 404a0e 4499->4512 4502->4490 4504 40482d GetDlgItem 4510 4045f9 SendMessageW 4504->4510 4506 404843 SendMessageW 4507 404860 GetSysColor 4506->4507 4508 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4506->4508 4507->4508 4508->4490 4509->4504 4510->4506 4511->4499 4513 404a21 SendMessageW 4512->4513 4514 404a1c 4512->4514 4513->4481 4514->4513 4518 405c8e ShellExecuteExW 4515->4518 4517 404998 LoadCursorW SetCursor 4517->4483 4518->4517 4519 402383 4520 40238a 4519->4520 4522 40239d 4519->4522 4521 4066a5 17 API calls 4520->4521 4523 402397 4521->4523 4524 405cc8 MessageBoxIndirectW 4523->4524 4524->4522 3914 402c05 SendMessageW 3915 402c2a 3914->3915 3916 402c1f InvalidateRect 3914->3916 3916->3915 3930 405809 3931 4059b3 3930->3931 3932 40582a GetDlgItem GetDlgItem GetDlgItem 3930->3932 3934 
4059e4 3931->3934 3935 4059bc GetDlgItem CreateThread FindCloseChangeNotification 3931->3935 3975 4045f9 SendMessageW 3932->3975 3937 405a0f 3934->3937 3938 405a34 3934->3938 3939 4059fb ShowWindow ShowWindow 3934->3939 3935->3934 3978 40579d 5 API calls 3935->3978 3936 40589a 3941 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3936->3941 3940 405a6f 3937->3940 3943 405a23 3937->3943 3944 405a49 ShowWindow 3937->3944 3945 40462b 8 API calls 3938->3945 3977 4045f9 SendMessageW 3939->3977 3940->3938 3950 405a7d SendMessageW 3940->3950 3948 4058f3 SendMessageW SendMessageW 3941->3948 3949 40590f 3941->3949 3951 40459d SendMessageW 3943->3951 3946 405a69 3944->3946 3947 405a5b 3944->3947 3956 405a42 3945->3956 3953 40459d SendMessageW 3946->3953 3952 4056ca 24 API calls 3947->3952 3948->3949 3954 405922 3949->3954 3955 405914 SendMessageW 3949->3955 3950->3956 3957 405a96 CreatePopupMenu 3950->3957 3951->3938 3952->3946 3953->3940 3959 4045c4 18 API calls 3954->3959 3955->3954 3958 4066a5 17 API calls 3957->3958 3960 405aa6 AppendMenuW 3958->3960 3961 405932 3959->3961 3962 405ac3 GetWindowRect 3960->3962 3963 405ad6 TrackPopupMenu 3960->3963 3964 40593b ShowWindow 3961->3964 3965 40596f GetDlgItem SendMessageW 3961->3965 3962->3963 3963->3956 3967 405af1 3963->3967 3968 405951 ShowWindow 3964->3968 3969 40595e 3964->3969 3965->3956 3966 405996 SendMessageW SendMessageW 3965->3966 3966->3956 3970 405b0d SendMessageW 3967->3970 3968->3969 3976 4045f9 SendMessageW 3969->3976 3970->3970 3971 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3970->3971 3973 405b4f SendMessageW 3971->3973 3973->3973 3974 405b78 GlobalUnlock SetClipboardData CloseClipboard 3973->3974 3974->3956 3975->3936 3976->3965 3977->3937 3979 40248a 3980 402da6 17 API calls 3979->3980 3981 40249c 3980->3981 3982 402da6 17 API calls 3981->3982 3983 4024a6 3982->3983 3996 402e36 3983->3996 3986 40292e 3987 4024de 3988 4024ea 3987->3988 3990 402d84 17 API calls 3987->3990 3991 
402509 RegSetValueExW 3988->3991 3993 403371 44 API calls 3988->3993 3989 402da6 17 API calls 3992 4024d4 lstrlenW 3989->3992 3990->3988 3994 40251f RegCloseKey 3991->3994 3992->3987 3993->3991 3994->3986 3997 402e51 3996->3997 4000 406503 3997->4000 4001 406512 4000->4001 4002 4024b6 4001->4002 4003 40651d RegCreateKeyExW 4001->4003 4002->3986 4002->3987 4002->3989 4003->4002 4525 404e0b 4526 404e37 4525->4526 4527 404e1b 4525->4527 4529 404e6a 4526->4529 4530 404e3d SHGetPathFromIDListW 4526->4530 4536 405cac GetDlgItemTextW 4527->4536 4531 404e54 SendMessageW 4530->4531 4532 404e4d 4530->4532 4531->4529 4534 40140b 2 API calls 4532->4534 4533 404e28 SendMessageW 4533->4526 4534->4531 4536->4533 4537 40290b 4538 402da6 17 API calls 4537->4538 4539 402912 FindFirstFileW 4538->4539 4540 40293a 4539->4540 4544 402925 4539->4544 4545 4065af wsprintfW 4540->4545 4542 402943 4546 406668 lstrcpynW 4542->4546 4545->4542 4546->4544 4547 40190c 4548 401943 4547->4548 4549 402da6 17 API calls 4548->4549 4550 401948 4549->4550 4551 405d74 67 API calls 4550->4551 4552 401951 4551->4552 4061 405c8e ShellExecuteExW 4553 40190f 4554 402da6 17 API calls 4553->4554 4555 401916 4554->4555 4556 405cc8 MessageBoxIndirectW 4555->4556 4557 40191f 4556->4557 4558 401491 4559 4056ca 24 API calls 4558->4559 4560 401498 4559->4560 4561 402891 4562 402898 4561->4562 4564 402ba9 4561->4564 4563 402d84 17 API calls 4562->4563 4565 40289f 4563->4565 4566 4028ae SetFilePointer 4565->4566 4566->4564 4567 4028be 4566->4567 4569 4065af wsprintfW 4567->4569 4569->4564 4570 401f12 4571 402da6 17 API calls 4570->4571 4572 401f18 4571->4572 4573 402da6 17 API calls 4572->4573 4574 401f21 4573->4574 4575 402da6 17 API calls 4574->4575 4576 401f2a 4575->4576 4577 402da6 17 API calls 4576->4577 4578 401f33 4577->4578 4579 401423 24 API calls 4578->4579 4580 401f3a 4579->4580 4587 405c8e ShellExecuteExW 4580->4587 4582 401f82 4583 406ae0 5 API calls 4582->4583 4585 40292e 4582->4585 4584 401f9f 
CloseHandle 4583->4584 4584->4585 4587->4582 4588 402f93 4589 402fa5 SetTimer 4588->4589 4590 402fbe 4588->4590 4589->4590 4591 40300c 4590->4591 4592 403012 MulDiv 4590->4592 4593 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4592->4593 4593->4591 4609 401d17 4610 402d84 17 API calls 4609->4610 4611 401d1d IsWindow 4610->4611 4612 401a20 4611->4612 4164 401b9b 4165 401bec 4164->4165 4166 401ba8 4164->4166 4168 401bf1 4165->4168 4169 401c16 GlobalAlloc 4165->4169 4167 401c31 4166->4167 4174 401bbf 4166->4174 4171 4066a5 17 API calls 4167->4171 4177 40239d 4167->4177 4168->4177 4183 406668 lstrcpynW 4168->4183 4170 4066a5 17 API calls 4169->4170 4170->4167 4173 402397 4171->4173 4179 405cc8 MessageBoxIndirectW 4173->4179 4184 406668 lstrcpynW 4174->4184 4175 401c03 GlobalFree 4175->4177 4178 401bce 4185 406668 lstrcpynW 4178->4185 4179->4177 4181 401bdd 4186 406668 lstrcpynW 4181->4186 4183->4175 4184->4178 4185->4181 4186->4177 4613 40261c 4614 402da6 17 API calls 4613->4614 4615 402623 4614->4615 4618 406158 GetFileAttributesW CreateFileW 4615->4618 4617 40262f 4618->4617 4201 40259e 4202 402de6 17 API calls 4201->4202 4203 4025a8 4202->4203 4204 402d84 17 API calls 4203->4204 4205 4025b1 4204->4205 4206 4025d9 RegEnumValueW 4205->4206 4207 4025cd RegEnumKeyW 4205->4207 4210 40292e 4205->4210 4208 4025f5 RegCloseKey 4206->4208 4209 4025ee 4206->4209 4207->4208 4208->4210 4209->4208 4626 40149e 4627 4014ac PostQuitMessage 4626->4627 4628 40239d 4626->4628 4627->4628 4629 4015a3 4630 402da6 17 API calls 4629->4630 4631 4015aa SetFileAttributesW 4630->4631 4632 4015bc 4631->4632 3799 401fa4 3800 402da6 17 API calls 3799->3800 3801 401faa 3800->3801 3802 4056ca 24 API calls 3801->3802 3803 401fb4 3802->3803 3804 405c4b 2 API calls 3803->3804 3805 401fba 3804->3805 3809 40292e 3805->3809 3813 401fdd CloseHandle 3805->3813 3814 406ae0 WaitForSingleObject 3805->3814 3808 401fcf 3810 401fd4 3808->3810 3811 401fdf 3808->3811 3819 4065af wsprintfW 3810->3819 3811->3813 

Control-flow Graph

[Control-flow graph figure; legend: Executed, Not Executed]
APIs
• SetErrorMode.KERNEL32(00008001), ref: 00403663
• GetVersionExW.KERNEL32(?), ref: 0040368C
• GetVersionExW.KERNEL32(0000011C), ref: 004036A3
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
• OleInitialize.OLE32(00000000), ref: 0040377D
• SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
• GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
• CharNextW.USER32(00000000,00435000,00000020,00435000,00000000), ref: 004037E9
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
• DeleteFileW.KERNEL32(1033), ref: 00403982
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
  • Part of subcall function 00405C16: CreateDirectoryW.KERNEL32(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00435000,00000000,?), ref: 00403A8F
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
• DeleteFileW.KERNEL32(00420F08,00420F08,?,start_menu_on,?), ref: 00403B0E
• CopyFileW.KERNEL32(C:\Users\user\Desktop\nso7806.exe,00420F08,00000001), ref: 00403B21
• CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
• ExitProcess.KERNEL32(?), ref: 00403B6C
• OleUninitialize.OLE32(?), ref: 00403B71
• ExitProcess.KERNEL32 ref: 00403B8B
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
• OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
• ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732838729.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732917179.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000422000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.000000000042B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2733208586.000000000045B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2733208586.000000000045D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                                                                                                      • String ID: .tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\nso7806.exe$C:\Users\user\PCAppStore$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$start_menu_on$~nsu
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 00405867
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 00405876
                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 004058B3
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 004058BA
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405977
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 00405885
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004059C9
                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,Function_0000579D,00000000), ref: 004059D7
                                                                                                                                                                                                                                                                                                      • FindCloseChangeNotification.KERNEL32(00000000), ref: 004059DE
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 00405A96
                                                                                                                                                                                                                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405AAA
                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00405ACA
                                                                                                                                                                                                                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                                                                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                                                                                                                                                                                                                                      • EmptyClipboard.USER32 ref: 00405B31
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 00405B47
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                                                                                                                                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 00405B8C
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                                                      • String ID: H7B${
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,76233420,76232EE0,00000000), ref: 00405D9D
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\*.*,\*.*), ref: 00405DE5
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\*.*,?,?,76233420,76232EE0,00000000), ref: 00405E0E
                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\*.*,?,?,76233420,76232EE0,00000000), ref: 00405E1E
                                                                                                                                                                                                                                                                                                      • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\*.*$\*.*
                                                                                                                                                                                                                                                                                                      • API String ID: 2035342205-2200384287
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • C:\Users\user\PCAppStore, xrefs: 00402269
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CreateInstance
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\PCAppStore
                                                                                                                                                                                                                                                                                                      • API String ID: 542301482-4217928965
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50, 4#v.#v,?,76232EE0,00405D94,?,76233420,76232EE0), ref: 004069A9
                                                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?), ref: 00404121
                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32 ref: 00404160
                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00404198
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                                                                                                                                                                                                      • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                                                                                                                                                                                                                                                                      • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043C7
                                                                                                                                                                                                                                                                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                                                                                                                                                                                                      • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Window$Item$MessageSendShow$Long$CallbackDispatcherMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: H7B
                                                                                                                                                                                                                                                                                                      • API String ID: 3964124867-2300413410
                                                                                                                                                                                                                                                                                                      • Opcode ID: 893e6180ecd42f4ea6a208f4ac87e42fc756e33e0374c8e2ff6db430764e6982
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 893e6180ecd42f4ea6a208f4ac87e42fc756e33e0374c8e2ff6db430764e6982
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,00435800,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,76233420), ref: 00403E18
                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,00435800,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403E36
                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00435800), ref: 00403E7F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                                                                                                                                                                                      • RegisterClassW.USER32(00429200), ref: 00403EBC
                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                                                                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,00429200), ref: 00403F6B
                                                                                                                                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00429200), ref: 00403F78
                                                                                                                                                                                                                                                                                                      • RegisterClassW.USER32(00429200), ref: 00403F81
                                                                                                                                                                                                                                                                                                      • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                      • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                                                                      • API String ID: 1975747703-255102361
                                                                                                                                                                                                                                                                                                      • Opcode ID: 892dce99883e4e808010b4efe996dd74ca81fa46163d4c30e433e24d9dbef113
                                                                                                                                                                                                                                                                                                      • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 892dce99883e4e808010b4efe996dd74ca81fa46163d4c30e433e24d9dbef113
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\nso7806.exe,00000400), ref: 00403100
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user\Desktop\nso7806.exe,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\nso7806.exe,C:\Users\user\Desktop\nso7806.exe,80000000,00000003), ref: 00403149
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 0040328B
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\nso7806.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                                                      • API String ID: 2803837635-1278965644
                                                                                                                                                                                                                                                                                                      • Opcode ID: 97930163d1dfb71a91f922b1d69cd692a23f24310b512c43e229d1567f3817b4
                                                                                                                                                                                                                                                                                                      • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97930163d1dfb71a91f922b1d69cd692a23f24310b512c43e229d1567f3817b4
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 004067C0
                                                                                                                                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,00000000), ref: 004067D3
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2732838729.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732917179.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000422000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000425000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2733208586.000000000045B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2733208586.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$start_menu_on
                                                                                                                                                                                                                                                                                                      • API String ID: 4260037668-3422322524
                                                                                                                                                                                                                                                                                                      • Opcode ID: c7f3186a27d226da10b1ac17c0a3b125f126ea48b072fd2fc9bd80ff76ce1cbf
                                                                                                                                                                                                                                                                                                      • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7f3186a27d226da10b1ac17c0a3b125f126ea48b072fd2fc9bd80ff76ce1cbf
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,C:\Users\user\PCAppStore,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,004030A8), ref: 00405725
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\), ref: 00405737
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2732838729.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732917179.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000422000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000425000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2733208586.000000000045B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2733208586.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp$C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\inetc.dll$C:\Users\user\PCAppStore$get
                                                                                                                                                                                                                                                                                                      • API String ID: 1941528284-1284637526
                                                                                                                                                                                                                                                                                                      • Opcode ID: f03c93b23e6ab00c7983a02dfda101a92c5a1fce17f4ed525dbb3e2fb3fa84bb
                                                                                                                                                                                                                                                                                                      • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f03c93b23e6ab00c7983a02dfda101a92c5a1fce17f4ed525dbb3e2fb3fa84bb
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,004030A8), ref: 00405725
                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\), ref: 00405737
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                                                                                      • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\
                                                                                                                                                                                                                                                                                                      • API String ID: 1495540970-83128890
                                                                                                                                                                                                                                                                                                      • Opcode ID: f39bfaa706d7e049ae2ab7607e16ca3e33473490c071650c65a612beda73d311
                                                                                                                                                                                                                                                                                                      • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f39bfaa706d7e049ae2ab7607e16ca3e33473490c071650c65a612beda73d311
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 648 4026ec-402705 call 402d84 651 402c2a-402c2d 648->651 652 40270b-402712 648->652 655 402c33-402c39 651->655 653 402714 652->653 654 402717-40271a 652->654 653->654 656 402720-40272f call 4065c8 654->656 657 40287e-402886 654->657 656->657 661 402735 656->661 657->651 662 40273b-40273f 661->662 663 4027d4-4027d7 662->663 664 402745-402760 ReadFile 662->664 665 4027d9-4027dc 663->665 666 4027ef-4027ff call 4061db 663->666 664->657 667 402766-40276b 664->667 665->666 668 4027de-4027e9 call 406239 665->668 666->657 675 402801 666->675 667->657 670 402771-40277f 667->670 668->657 668->666 673 402785-402797 MultiByteToWideChar 670->673 674 40283a-402846 call 4065af 670->674 673->675 676 402799-40279c 673->676 674->655 681 402804-402807 675->681 679 40279e-4027a9 676->679 679->681 682 4027ab-4027d0 SetFilePointer MultiByteToWideChar 679->682 681->674 683 402809-40280e 681->683 682->679 684 4027d2 682->684 685 402810-402815 683->685 686 40284b-40284f 683->686 684->675 685->686 687 402817-40282a 685->687 688 402851-402855 686->688 689 40286c-402878 SetFilePointer 686->689 687->657 690 40282c-402832 687->690 691 402857-40285b 688->691 692 40285d-40286a 688->692 689->657 690->662 693 402838 690->693 691->689 691->692 692->657 693->657
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                                                      • String ID: 9
                                                                                                                                                                                                                                                                                                      • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                                                      • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                                                                                                                                                                                                      • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 694 40302e-40303d 695 403057-40305d 694->695 696 40303f-403046 694->696 699 403067-403073 GetTickCount 695->699 700 40305f-403065 call 406a71 695->700 697 403048-403049 DestroyWindow 696->697 698 40304f-403055 696->698 697->698 701 4030cd-4030cf 698->701 699->701 703 403075-40307b 699->703 700->701 705 4030aa-4030c7 CreateDialogParamW ShowWindow 703->705 706 40307d-403084 703->706 705->701 706->701 707 403086-4030a3 call 403012 wsprintfW call 4056ca 706->707 711 4030a8 707->711 711->701
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00403095
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,004030A8), ref: 00405725
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\), ref: 00405737
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00403012: MulDiv.KERNEL32(0005C7C7,00000064,00060FCA), ref: 00403027
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                                                                                                      • String ID: ... %d%%
                                                                                                                                                                                                                                                                                                      • API String ID: 722711167-2449383134
                                                                                                                                                                                                                                                                                                      • Opcode ID: eb5829c7fffbc7bf65dde30d15e1f0a96a9438333430517d581b7dc81546266b
                                                                                                                                                                                                                                                                                                      • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb5829c7fffbc7bf65dde30d15e1f0a96a9438333430517d581b7dc81546266b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 712 4069c5-4069e5 GetSystemDirectoryW 713 4069e7 712->713 714 4069e9-4069eb 712->714 713->714 715 4069fc-4069fe 714->715 716 4069ed-4069f6 714->716 718 4069ff-406a32 wsprintfW LoadLibraryExW 715->718 716->715 717 4069f8-4069fa 716->717 717->718
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00406A17
                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                                      • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                                                                                      • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                                                                                      • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                                                                                                                                                                                      • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 719 405b99-405be4 CreateDirectoryW 720 405be6-405be8 719->720 721 405bea-405bf7 GetLastError 719->721 722 405c11-405c13 720->722 721->722 723 405bf9-405c0d SetFileSecurityW 721->723 723->720 724 405c0f GetLastError 723->724 724->722
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                                                                                                                                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                      • API String ID: 3449924974-3936084776
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Timeout
                                                                                                                                                                                                                                                                                                      • String ID: !
                                                                                                                                                                                                                                                                                                      • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                                                                                                      • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp
                                                                                                                                                                                                                                                                                                      • API String ID: 2655323295-837362587
                                                                                                                                                                                                                                                                                                      • Opcode ID: 8f030e2285d0e8324dbb33499a3d18f97b2edcfc8a0ed7f0bba11d863903431b
                                                                                                                                                                                                                                                                                                      • Instruction ID: a516967871aadb8e7373f7254d3c24ec0cdbd982f2b4049ed7d94b0996b6da2b
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8f030e2285d0e8324dbb33499a3d18f97b2edcfc8a0ed7f0bba11d863903431b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4011AF71E00108BEEF10AFA1CE49EAEB6B8EB44354F11443AF404B61C1DBB98D409658
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50, 4#v.#v,?,76232EE0,00405D94,?,76233420,76232EE0,00000000), ref: 00405FF0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50, 4#v.#v,?,76232EE0,00405D94,?,76233420,76232EE0,00000000), ref: 00406098
                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50, 4#v.#v,?,76232EE0,00405D94,?,76233420,76232EE0), ref: 004060A8
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: 4#v.#v$P_B
                                                                                                                                                                                                                                                                                                      • API String ID: 3248276644-819321360
                                                                                                                                                                                                                                                                                                      • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                                                                                                                                                                                                      • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                                                                                                      • API String ID: 1716503409-1857211195
                                                                                                                                                                                                                                                                                                      • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                                                                                                                                                                                                      • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000400,?,0040CE58,0040A000,?,00000008,00000001,000000F0), ref: 00402164
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,004030A8), ref: 00405725
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\), ref: 00405737
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Librarylstrlen$CallbackDispatcherFreeHandleLoadModuleTextUserWindowlstrcat
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 719239633-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: eacc7f29ef9238f75312dc60e6ea6028a018b8bf669bd73802a6ecb2e4004895
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eacc7f29ef9238f75312dc60e6ea6028a018b8bf669bd73802a6ecb2e4004895
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                                                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\, xrefs: 00403C5B
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\
                                                                                                                                                                                                                                                                                                      • API String ID: 2962429428-1400288555
                                                                                                                                                                                                                                                                                                      • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                                                                                                                                                                                      • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50, 4#v.#v,?,76232EE0,00405D94,?,76233420,76232EE0,00000000), ref: 00405FF0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405B99: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\PCAppStore,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • C:\Users\user\PCAppStore, xrefs: 00401640
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\PCAppStore
                                                                                                                                                                                                                                                                                                      • API String ID: 1892508949-4217928965
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,0040679D,80000002), ref: 0040657C
                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\), ref: 00406587
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                      • String ID: Remove folder:
                                                                                                                                                                                                                                                                                                      • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                                                                                                                                                                                      • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                                                                                                                                                                                      • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732838729.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732917179.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2733208586.000000000045B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2733208586.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                                                                                                                                                                                      • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004035F8: SetFilePointer.KERNEL32(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(11CA3CD8,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FilePointer$CountTick
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1092082344-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7c0ab14c9ef84ee4c874d23136c95771ec66e08690032c4b640086482a56d3ee
                                                                                                                                                                                                                                                                                                      • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7c0ab14c9ef84ee4c874d23136c95771ec66e08690032c4b640086482a56d3ee
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(0074ADD0), ref: 00401C0B
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: get
                                                                                                                                                                                                                                                                                                      • API String ID: 3292104215-4248514160
                                                                                                                                                                                                                                                                                                      • Opcode ID: bdf04e95d0418c1283acce3b0f632dee92d4316cd1ac10ee58e582a57c8be167
                                                                                                                                                                                                                                                                                                      • Instruction ID: d74cddccbdd50a14e5bf5e3e63826a63b2a65df0fd836753f00777670cd3b466
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bdf04e95d0418c1283acce3b0f632dee92d4316cd1ac10ee58e582a57c8be167
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5321D872904210DBDB20EFA4DEC4E5E73A4AB047157150A3BF542F72D0D6BD9C518BAD
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Enum$CloseValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 397863658-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f8ecbf2941afd987342e3d0e374724149387460ae1bcfcffcad33ad506850584
                                                                                                                                                                                                                                                                                                      • Instruction ID: fdd171a53236be04b49e80cc8c25aaf428e2db1c32e81cf7e645575326a8d696
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8ecbf2941afd987342e3d0e374724149387460ae1bcfcffcad33ad506850584
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61D0EBB85E45966D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406133: GetFileAttributesW.KERNEL32(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406133: SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D47
                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                                                                                                                                                                                                                                      • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000408,?,00000000,004041FC), ref: 004045BB
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                      • String ID: x
                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                                                                                      • Opcode ID: a4e2778218c9fdeab8ae4952123a6e605dd424a78c20075fb3486bdcc909a4f1
                                                                                                                                                                                                                                                                                                      • Instruction ID: 271d720e87c3080f9bc4c684b425461430c88a900e0fa794081ec75d4c8aeb56
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4e2778218c9fdeab8ae4952123a6e605dd424a78c20075fb3486bdcc909a4f1
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 58C01271646200FBCB208B00EE00F067A21B7A4B02F2088B9FB81240B48A314822DB2D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNEL32(?,?,?,C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3356406503-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegDeleteValueW.KERNEL32(00000000,00000000,00000033), ref: 00402456
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 0040245F
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseDeleteValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2831762973-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 65ff1f8dbaffb273fea002e1581b0fe02a96c3d403949f6d37ec42173edc1899
                                                                                                                                                                                                                                                                                                      • Instruction ID: 27a137a867c600d8965633a271772258b7302ea9b92edfc7e4bdeed26dcbc29b
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65ff1f8dbaffb273fea002e1581b0fe02a96c3d403949f6d37ec42173edc1899
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 54F06272A04120EBDB11ABB89B4DAAD72A9AF44354F15443BE141B71C0DAFC5D05866E
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 004057AD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                                                                                                      • OleUninitialize.OLE32(00000404,00000000,?,00000000,?), ref: 004057F9
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2896919175-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: b14588aebbadd05bc97f1dd14ffe2b6982532d9bfcd69c4411fdff16e8679f7d
                                                                                                                                                                                                                                                                                                      • Instruction ID: 683c9d360a8619809caff371317e20043972a5eac84f98be19084c03997f3dfe
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b14588aebbadd05bc97f1dd14ffe2b6982532d9bfcd69c4411fdff16e8679f7d
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84F09072600600CBD6215B54AD01B17B764EB84304F45447FFF89732F0DB7A48529A6E
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Window$EnableShow
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1136574915-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 153ab9e6739f7f886f4c830da5bbd0037cfdcbd629ab714a5d97d12cd43f86c5
                                                                                                                                                                                                                                                                                                      • Instruction ID: 74d914ea4967392a65d1c9fdd8f91c6329c2dde8704c14122971abf6b6e16597
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 153ab9e6739f7f886f4c830da5bbd0037cfdcbd629ab714a5d97d12cd43f86c5
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14E0D872908201CFE705EBA4EE485AD73F0EF40315710097FE401F11D0DBB54C00862D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3712363035-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                                                                                                                                                                                                      • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004069C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C14
                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?), ref: 00402C24
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 909852535-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f432a0a30971dc187192fe2491b4b63328d533872b60b8ab23492fb2b34197a6
                                                                                                                                                                                                                                                                                                      • Instruction ID: c061831bd97a7b49b699665abee3b6b910fafb94a2d14f64d6e35fdc86e4b588
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f432a0a30971dc187192fe2491b4b63328d533872b60b8ab23492fb2b34197a6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 36E08C72700408FFEB11CBA4EE84DAEB7B9FB40315F00007AF502A00A0D7300D51CA28
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,76233420,00000000,76232EE0,00403C59,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C9C
                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00403CA3
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user\Desktop\nso7806.exe,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                                                      • Instruction ID: 390987c888b9fe28ccc3a202ccefe0e129b8fdbaba7b34d45eb5723cdb444700
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1E0ECB2010109BEEF099F90EC0ADBB372DEB04704F41492EF907E4091E6B5AE70AA34
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000000,00000000,00000000,00000000,004116F3,0040CEF0,00403579,0040CEF0,004116F3,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                                                                      • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                                                                      • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00406563,?,00000000,?,?,Remove folder: ,?), ref: 004064F9
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732838729.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732917179.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2732948120.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2733208586.000000000045B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.2733208586.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                                                                      • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,?,00000000), ref: 004045DE
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 281422827-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 338b22578c27dde16efcacc48fffc52d96184f66aa896157923e45f950491c93
                                                                                                                                                                                                                                                                                                      • Instruction ID: ac81fd1055ba0297197cac3df011722fda0f302089e5b839fe348bc6695a069d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 338b22578c27dde16efcacc48fffc52d96184f66aa896157923e45f950491c93
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77C04C7554C300BFE641A755CC42F1FB799EF94319F04C92EB19DE11D1C63984309A2A
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1d0f09303225af8c469e983b8f6ba21d59f3f36861eec243a4bc5be8392dea83
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8557fc69485774ba4641c6a2d2b4437b1a5152abf7221d5f63999a85994ee7b6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EC09B71741700FBDE209B509F45F077794A754701F154979B741F60E0D775D410D62D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                                                                      • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2732838729.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732917179.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000422000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000425000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2732948120.0000000000436000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2733208586.000000000045B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2733208586.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 26063d6d883ff380d2e1d7f9fe2b9d631bf033e6200e0a233fd0d302f8c02db7
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70666cfd2db8a5712e0e3ed728d50a5e19955e25533eceda6abdc0f56bdf790a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BB01235286A00FBDE614B00DE09F457E62F764B01F048078F741240F0CAB300B5DF19
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00405C9D
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExecuteShell
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 587946157-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                                                                                                                                                                                                                                                                                                      • Instruction ID: 97f05af551d2e904d84950d91e3a9b28448307360fbef328a82585e9573e9e03
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9cabee76f1705efe6df0b682491f715d60f75bd340f366a7093c5de42737780
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DBA001B6604500ABDE129F61EF09D0ABB72EBA4B02B418579A28590034CA365961FB1D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,004030A8), ref: 00405725
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\), ref: 00405737
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405C4B: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426750,00000000,00000000), ref: 00405C74
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406AE0: GetExitCodeProcess.KERNEL32(?,?), ref: 00406B13
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2972824698-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Sleep
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3472027048-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404B04
                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(Remove folder: ,00423748,00000000,?,?), ref: 00404C1C
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404C28
                                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404C3A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004068EF: CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00404E71: SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                      • String ID: A$H7B$Remove folder: $start_menu_on
                                                                                                                                                                                                                                                                                                      • API String ID: 2624150263-2689166972
                                                                                                                                                                                                                                                                                                      • Opcode ID: 734c011ebc2d0f92405da2c854c6f8e545ee1382d292d09d68964a29728ff11f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 734c011ebc2d0f92405da2c854c6f8e545ee1382d292d09d68964a29728ff11f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 1358fc4729cd4e161e3f995057c9de5906a44dd4f8dff08d490623953bdc3ea8
                                                                                                                                                                                                                                                                                                      • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1358fc4729cd4e161e3f995057c9de5906a44dd4f8dff08d490623953bdc3ea8
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00405049
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00405054
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                                                                                                                                                                                                                                                                      • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 004050B5
                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,0040563E), ref: 004050CE
                                                                                                                                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                                                                                                                                                                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 0040512B
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040527D
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 0040546B
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405620
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 00405627
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                                                      • String ID: $M$N
                                                                                                                                                                                                                                                                                                      • API String ID: 2564846305-813528018
                                                                                                                                                                                                                                                                                                      • Opcode ID: 880e86f9e7fed988ff02f9e28523034eefce24413bce59564bf639013fab014c
                                                                                                                                                                                                                                                                                                      • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 880e86f9e7fed988ff02f9e28523034eefce24413bce59564bf639013fab014c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404835
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 00404863
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 004048FF
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000), ref: 00404906
                                                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 00404931
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                                                                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 00404985
                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                                                                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 004049A1
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: N$Remove folder:
                                                                                                                                                                                                                                                                                                      • API String ID: 3103080414-3051863454
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                                                                                                                                                                                      • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,00426DE8,00000400), ref: 004062F2
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,004275E8,00000400), ref: 0040630F
                                                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 0040632D
                                                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(00000003,00403113,C:\Users\user\Desktop\nso7806.exe,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                                      • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                                                                                                                                                                                                                                      • API String ID: 2171350718-2295842750
                                                                                                                                                                                                                                                                                                      • Opcode ID: 0464da65b3b0fb722e27dd7c00c1c4fe2859529418db324cb01ce5f6984b35a7
                                                                                                                                                                                                                                                                                                      • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0464da65b3b0fb722e27dd7c00c1c4fe2859529418db324cb01ce5f6984b35a7
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                                                      • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                                                      • String ID: F
                                                                                                                                                                                                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                                                      • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                                                                                                                                                                                      • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                                                                                                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                                                                                                                                                                                      • CharNextW.USER32(?,00000000,76233420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                                                                                                                                                                                      • CharPrevW.USER32(?,?,76233420,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                      • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                      • API String ID: 589700163-826357637
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                                                                                                                                                                                                                                      • GetMessagePos.USER32 ref: 00404FA2
                                                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404FBC
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                                                      • String ID: f
                                                                                                                                                                                                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,?,00405701,Remove folder: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\,00000000), ref: 004068A4
                                                                                                                                                                                                                                                                                                      • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                                                                                                                                                                                                      • API String ID: 2584051700-76309092
                                                                                                                                                                                                                                                                                                      • Opcode ID: d4ebb59e3747c496bbb0b8495b1d452e7e3cb75c4ea0bfcbdce7c5ec4ed86105
                                                                                                                                                                                                                                                                                                      • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d4ebb59e3747c496bbb0b8495b1d452e7e3cb75c4ea0bfcbdce7c5ec4ed86105
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00402FE5
                                                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                                                                                                      • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                                                                                                      • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                                                                                                                                                                                                      • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: c369480bc1516c4e59ae97950a42f51b50d9197be78fd5b8da22ebc7af94fdfd
                                                                                                                                                                                                                                                                                                      • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c369480bc1516c4e59ae97950a42f51b50d9197be78fd5b8da22ebc7af94fdfd
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00404F1B
                                                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00423748), ref: 00404F2E
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                                                      • String ID: %u.%u%s%s$H7B
                                                                                                                                                                                                                                                                                                      • API String ID: 3540041739-107966168
                                                                                                                                                                                                                                                                                                      • Opcode ID: 06562b76f01186dc19281c974dacb5df2f2ee839886f9877e266745cac7e33a7
                                                                                                                                                                                                                                                                                                      • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06562b76f01186dc19281c974dacb5df2f2ee839886f9877e266745cac7e33a7
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                                                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1354259210-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                                                                                                                                                                                                      • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                                                                                                                                                                                                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                                                                                                      • API String ID: 2659869361-3936084776
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                                                                                      • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\inetc.dll), ref: 00402695
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_nso7806.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: lstrlen
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp$C:\Users\user\AppData\Local\Temp\nsr9AF7.tmp\inetc.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 1659193697-3422660752
                                                                                                                                                                                                                                                                                                      • Opcode ID: deb6aecb68a4fcc871865c33c7eb0d229bd94635ca94da12f7e7702f6dba88c5
                                                                                                                                                                                                                                                                                                      • Instruction ID: f1e3379d491753f9d96dc3c217618d2e64da59e9cc8309568291ba5d2d488428
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: deb6aecb68a4fcc871865c33c7eb0d229bd94635ca94da12f7e7702f6dba88c5
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D511C472A00205EBCB10BBB18E4AA9E76619F44758F21483FE402B61C1DAFD8891965F
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                                                                                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                                                      • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                                                                                                                                                                                                      • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\nso7806.exe,C:\Users\user\Desktop\nso7806.exe,80000000,00000003), ref: 00405F89
                                                                                                                                                                                                                                                                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\nso7806.exe,C:\Users\user\Desktop\nso7806.exe,80000000,00000003), ref: 00405F99
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CharPrevlstrlen
                                                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                                                                                                      • API String ID: 2709904686-3125694417
                                                                                                                                                                                                                                                                                                      • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                                                                                      • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                                                                                                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004060E5
                                                                                                                                                                                                                                                                                                      • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.2732874118.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                                                                                                      • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000014.00000003.2945971258.00007FFCE008C000.00000040.00001000.00020000.00000000.sdmp, Offset: 00007FFCE008C000, based on PE: false
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_20_3_7ffce008c000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID: %R}
                                                                                                                                                                                                                                                                                                      • API String ID: 0-1744727886
                                                                                                                                                                                                                                                                                                      • Opcode ID: dced66bc3431cef00d465e64297e59c608dc2e4c3e054aa210ad90e9c16ccd6a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 3088ab2d6d99c4e2c52e8b91b70a6fdd6ac4c5c0716525188bb46b084e1e68a3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: dced66bc3431cef00d465e64297e59c608dc2e4c3e054aa210ad90e9c16ccd6a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1311E970A14A189FDB55DF5CEC86EECBBF0FF18300F040169E919D7256DA34A8918B50
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000014.00000003.2946218633.00007FFCE00CC000.00000040.00001000.00020000.00000000.sdmp, Offset: 00007FFCE00CC000, based on PE: false
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_20_3_7ffce00cc000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: 18bec1c6209c2ff45fff5b0e9bd48baf75b2deb9a198e57991ce271276561158
                                                                                                                                                                                                                                                                                                      • Instruction ID: fc7d03a90ec81d5e56577e8ca9c2762f78509bce97a62bfc9dc969e10c4ba62d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18bec1c6209c2ff45fff5b0e9bd48baf75b2deb9a198e57991ce271276561158
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9428C30918A2D8FEB55DB98C895BECB7F0FF48310F1005B9D45DE7292CA38A981DB61
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000014.00000003.2945971258.00007FFCE00AC000.00000040.00001000.00020000.00000000.sdmp, Offset: 00007FFCE00AC000, based on PE: false
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_20_3_7ffce00ac000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7ee73bdef122cd0f50fed74b546dcd2648821d421be7832800ed82c8d8df2993
                                                                                                                                                                                                                                                                                                      • Instruction ID: 11a883f042816bd2c09a4b0fb66243c26d13000ee2eebcd2fd40ad2b5dc99611
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7ee73bdef122cd0f50fed74b546dcd2648821d421be7832800ed82c8d8df2993
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD514030A18A1D9FDB55DF58D895FE8B7F0FF48300F1401A9E519D7296CA38B891CB91
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000014.00000003.2945971258.00007FFCE00AC000.00000040.00001000.00020000.00000000.sdmp, Offset: 00007FFCE00AC000, based on PE: false
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_20_3_7ffce00ac000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: 3fb066a7bb336443de50b6a8f1466023bd6e75dcc40013b3c68b040cc982ca70
                                                                                                                                                                                                                                                                                                      • Instruction ID: 94aaef2b9294a0a1301a8f2eb7696e1c5f4cb2dbd4b2874ad3bf7945fa598528
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3fb066a7bb336443de50b6a8f1466023bd6e75dcc40013b3c68b040cc982ca70
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EF31A130958A298FE769CB0CDC96FF8B7F0FB08710F520175E419D3296CE38A842D695
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                                                      Execution Coverage:0.9%
                                                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                      Signature Coverage:0.2%
                                                                                                                                                                                                                                                                                                      Total number of Nodes:1255
                                                                                                                                                                                                                                                                                                      Total number of Limit Nodes:32
102169->102152 102170->102154 102171->102156 102172->102158 102173->102160 102174->102162 102175->102164 102176->102166 102177->102145 102179 d42181 102178->102179 102180 d193bf 102178->102180 102186 d4215c LeaveCriticalSection 102179->102186 102184 d193d2 102180->102184 102185 d1d134 LeaveCriticalSection 102180->102185 102183 d42188 102183->102032 102184->102032 102185->102184 102186->102183 102188 d189f1 Concurrency::cancel_current_task 102187->102188 102191 d3126a 102188->102191 102190 d189ff 102192 d312b1 RaiseException 102191->102192 102193 d31284 102191->102193 102192->102190 102193->102192 102194->102063 102209 d3c780 102195->102209 102198 d450f5 102198->102070 102199 d4510f 102224 d3426c 11 API calls __FrameHandler3::FrameUnwindToState 102199->102224 102201 d45119 102225 d4513a 81 API calls 3 library calls 102201->102225 102203 d45135 102203->102070 102204 d479e3 66 API calls ___std_exception_copy 102205 d44a34 codecvt 102204->102205 102205->102198 102205->102199 102205->102204 102206 d480a0 66 API calls __Getctype 102205->102206 102217 d49b8c 102205->102217 102206->102205 102207->102072 102208->102074 102210 d3c797 102209->102210 102211 d3c79e 102209->102211 102210->102205 102211->102210 102226 d47db5 GetLastError 102211->102226 102218 d49bca 102217->102218 102222 d49b9a _Getvals 102217->102222 102283 d3433d 14 API calls std::_Stofx_v2 102218->102283 102220 d49bb5 RtlAllocateHeap 102221 d49bc8 102220->102221 102220->102222 102221->102205 102222->102218 102222->102220 102282 d47901 EnterCriticalSection LeaveCriticalSection messages 102222->102282 102224->102201 102225->102203 102227 d47dcb 102226->102227 102230 d47dd1 102226->102230 102258 d49512 6 API calls std::_Locinfo::_Locinfo_dtor 102227->102258 102232 d47dd5 SetLastError 102230->102232 102259 d49551 6 API calls std::_Locinfo::_Locinfo_dtor 102230->102259 102231 d47ded 102231->102232 102260 d48fbd 102231->102260 102236 d3c7bf 102232->102236 102237 d47e6a 102232->102237 102253 d48456 102236->102253 
102277 d3c9c9 66 API calls __FrameHandler3::FrameUnwindToState 102237->102277 102238 d47e0a 102267 d49551 6 API calls std::_Locinfo::_Locinfo_dtor 102238->102267 102239 d47e1b 102268 d49551 6 API calls std::_Locinfo::_Locinfo_dtor 102239->102268 102244 d47e18 102270 d48d3d 102244->102270 102245 d47e27 102246 d47e42 102245->102246 102247 d47e2b 102245->102247 102276 d47be3 14 API calls std::_Stofx_v2 102246->102276 102269 d49551 6 API calls std::_Locinfo::_Locinfo_dtor 102247->102269 102251 d47e4d 102252 d48d3d ___free_lconv_mon 14 API calls 102251->102252 102252->102232 102254 d3c7d5 102253->102254 102255 d48469 102253->102255 102257 d484b4 75 API calls __strnicoll 102254->102257 102255->102254 102281 d536f1 66 API calls 4 library calls 102255->102281 102257->102210 102258->102230 102259->102231 102266 d48fca _Getvals 102260->102266 102261 d4900a 102279 d3433d 14 API calls std::_Stofx_v2 102261->102279 102262 d48ff5 RtlAllocateHeap 102264 d47e02 102262->102264 102262->102266 102264->102238 102264->102239 102266->102261 102266->102262 102278 d47901 EnterCriticalSection LeaveCriticalSection messages 102266->102278 102267->102244 102268->102245 102269->102244 102271 d48d48 HeapFree 102270->102271 102275 d48d72 102270->102275 102272 d48d5d GetLastError 102271->102272 102271->102275 102273 d48d6a __dosmaperr 102272->102273 102280 d3433d 14 API calls std::_Stofx_v2 102273->102280 102275->102232 102276->102251 102278->102266 102279->102264 102280->102275 102281->102254 102282->102222 102283->102221 102284 c1efb0 102301 d190ee 102284->102301 102286 c1effa 102287 d2f3c5 messages 3 API calls 102286->102287 102288 c1f04a 102287->102288 102313 c2b210 102288->102313 102292 c1f07d 102293 c1f0b6 102292->102293 102295 d1935d std::_Lockit::_Lockit 7 API calls 102292->102295 102294 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102293->102294 102296 c1f0c6 102294->102296 102297 c1f095 102295->102297 102300 c1f0e4 _Yarn 102296->102300 102342 d3b22f 14 API calls 
___free_lconv_mon 102296->102342 102298 d193b5 std::_Lockit::~_Lockit 2 API calls 102297->102298 102298->102293 102300->102300 102302 d190fa __EH_prolog3 102301->102302 102303 d1935d std::_Lockit::_Lockit 7 API calls 102302->102303 102304 d19105 102303->102304 102312 d19136 102304->102312 102343 d19280 15 API calls 2 library calls 102304->102343 102306 d193b5 std::_Lockit::~_Lockit 2 API calls 102308 d19173 messages 102306->102308 102307 d19118 102344 d192a3 68 API calls std::locale::_Setgloballocale 102307->102344 102308->102286 102310 d19120 102311 c27170 std::locale::_Locimp::_Locimp 14 API calls 102310->102311 102311->102312 102312->102306 102314 d1935d std::_Lockit::_Lockit 7 API calls 102313->102314 102315 c2b24f 102314->102315 102316 d191eb std::_Locinfo::_Locinfo_ctor 97 API calls 102315->102316 102317 c2b297 102316->102317 102345 d197fd 102317->102345 102322 c2b2dc 102325 c2b2f3 102322->102325 102360 d3b22f 14 API calls ___free_lconv_mon 102322->102360 102328 c2b30a 102325->102328 102361 d3b22f 14 API calls ___free_lconv_mon 102325->102361 102327 c2b321 102330 c2b338 102327->102330 102363 d3b22f 14 API calls ___free_lconv_mon 102327->102363 102328->102327 102362 d3b22f 14 API calls ___free_lconv_mon 102328->102362 102331 c2b34f 102330->102331 102364 d3b22f 14 API calls ___free_lconv_mon 102330->102364 102334 d193b5 std::_Lockit::~_Lockit 2 API calls 102331->102334 102335 c1f05a 102334->102335 102336 d19250 102335->102336 102337 d1925c __EH_prolog3 102336->102337 102338 d2f3c5 messages 3 API calls 102337->102338 102339 d19263 102338->102339 102340 d1927a messages 102339->102340 102381 d18f6c 102339->102381 102340->102292 102342->102300 102343->102307 102344->102310 102346 d19810 codecvt 102345->102346 102365 d421ae 102346->102365 102354 c2b2a0 102355 d19236 102354->102355 102356 d19242 102355->102356 102357 c2b2cc 102355->102357 102358 d4209b std::_Locinfo::_Locinfo_dtor 97 API calls 102356->102358 102357->102322 102359 d3b22f 14 API calls ___free_lconv_mon 
102357->102359 102358->102357 102359->102322 102360->102325 102361->102328 102362->102327 102363->102330 102364->102331 102366 d47db5 _unexpected 66 API calls 102365->102366 102367 d421b9 102366->102367 102368 d48456 __Getctype 66 API calls 102367->102368 102369 d19818 102368->102369 102370 d4221f 102369->102370 102371 d47db5 _unexpected 66 API calls 102370->102371 102372 d4222a 102371->102372 102373 d48456 __Getctype 66 API calls 102372->102373 102374 d1981f 102373->102374 102375 d421f8 102374->102375 102376 d47db5 _unexpected 66 API calls 102375->102376 102377 d42203 102376->102377 102378 d48456 __Getctype 66 API calls 102377->102378 102379 d19827 102378->102379 102379->102354 102380 d4218a 66 API calls 2 library calls 102379->102380 102380->102354 102382 d18f78 __EH_prolog3 102381->102382 102383 c27170 std::locale::_Locimp::_Locimp 14 API calls 102382->102383 102384 d18fbf 102383->102384 102387 d1b3b3 102384->102387 102386 d18fca messages 102386->102340 102388 d1b3bf __EH_prolog3 102387->102388 102389 d1b3f8 102388->102389 102390 d1b3ca 102388->102390 102391 d1935d std::_Lockit::_Lockit 7 API calls 102389->102391 102392 c15e50 messages 98 API calls 102390->102392 102398 d1b402 _Yarn 102391->102398 102393 d1b3d7 102392->102393 102404 d1b46a 102393->102404 102395 d1b3f6 messages 102395->102386 102396 d193b5 std::_Lockit::~_Lockit 2 API calls 102396->102395 102400 d1b464 102398->102400 102403 d1b424 102398->102403 102401 d189e3 Concurrency::cancel_current_task RaiseException 102400->102401 102402 d1b469 102401->102402 102403->102395 102403->102396 102405 d1b476 __EH_prolog3 102404->102405 102407 d2c701 102405->102407 102408 d2c70d __EH_prolog3 102407->102408 102501 d2b651 102408->102501 102411 d2c770 102413 d2c7c4 102411->102413 102415 c15c40 std::locale::_Locimp::_Locimp_ctor 9 API calls 102411->102415 102412 c15c40 std::locale::_Locimp::_Locimp_ctor 9 API calls 102414 d2c736 102412->102414 102418 d2c937 102413->102418 102420 c15c40 
std::locale::_Locimp::_Locimp_ctor 9 API calls 102413->102420 102416 d2c775 102414->102416 102417 d2c73a 102414->102417 102419 d2c79a 102415->102419 102525 d2b0a2 99 API calls 7 library calls 102416->102525 102421 d2f3c5 messages 3 API calls 102417->102421 102422 c15c40 std::locale::_Locimp::_Locimp_ctor 9 API calls 102418->102422 102429 d2c9ef messages 102418->102429 102423 d2c7a0 102419->102423 102424 d2c7c9 102419->102424 102425 d2c7f0 102420->102425 102427 d2c744 102421->102427 102428 d2c965 102422->102428 102430 d2f3c5 messages 3 API calls 102423->102430 102526 d2b137 99 API calls 6 library calls 102424->102526 102431 d2c7f7 102425->102431 102432 d2c815 102425->102432 102435 d2c75c 102427->102435 102524 d2e604 66 API calls 3 library calls 102427->102524 102436 d2c996 102428->102436 102437 d2c96b 102428->102437 102438 d2c7a7 102430->102438 102439 d2f3c5 messages 3 API calls 102431->102439 102527 d2b1cc 99 API calls 6 library calls 102432->102527 102434 d2c77d 102442 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102434->102442 102449 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102435->102449 102534 d2b420 100 API calls 6 library calls 102436->102534 102445 d2f3c5 messages 3 API calls 102437->102445 102452 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102438->102452 102447 d2c7fe 102439->102447 102441 d2c7cf 102443 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102441->102443 102442->102411 102443->102413 102448 d2c972 102445->102448 102450 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102447->102450 102451 d2c98c 102448->102451 102533 d2b54a 76 API calls 3 library calls 102448->102533 102449->102411 102454 d2c828 102450->102454 102453 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102451->102453 102452->102413 102456 d2c9a7 102453->102456 102457 c15c40 std::locale::_Locimp::_Locimp_ctor 9 API calls 102454->102457 102458 c15c40 std::locale::_Locimp::_Locimp_ctor 9 API calls 102456->102458 102459 d2c835 
102457->102459 102460 d2c9b4 102458->102460 102461 d2c85a 102459->102461 102462 d2c83c 102459->102462 102463 d2c9f4 102460->102463 102464 d2c9b8 102460->102464 102528 d2b261 99 API calls 6 library calls 102461->102528 102465 d2f3c5 messages 3 API calls 102462->102465 102535 d2b4b5 104 API calls 6 library calls 102463->102535 102468 d2f3c5 messages 3 API calls 102464->102468 102469 d2c843 102465->102469 102473 d2c9c1 102468->102473 102474 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102469->102474 102470 d2c9fc 102471 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102470->102471 102471->102429 102472 d2c9e3 102477 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102472->102477 102473->102472 102517 d2c6d8 102473->102517 102476 d2c86b 102474->102476 102478 c15c40 std::locale::_Locimp::_Locimp_ctor 9 API calls 102476->102478 102477->102429 102479 d2c878 102478->102479 102480 d2c8c4 102479->102480 102481 d2c87f 102479->102481 102530 d2b38b 99 API calls 7 library calls 102480->102530 102482 d2f3c5 messages 3 API calls 102481->102482 102484 d2c886 102482->102484 102485 d2c8b4 102484->102485 102529 d2c5d5 66 API calls 6 library calls 102484->102529 102487 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102485->102487 102488 d2c8d7 102487->102488 102489 c15c40 std::locale::_Locimp::_Locimp_ctor 9 API calls 102488->102489 102490 d2c8e4 102489->102490 102491 d2c8e8 102490->102491 102492 d2c93c 102490->102492 102493 d2f3c5 messages 3 API calls 102491->102493 102532 d2b2f6 99 API calls 7 library calls 102492->102532 102495 d2c8f2 102493->102495 102497 d2c91f 102495->102497 102531 d2c5d5 66 API calls 6 library calls 102495->102531 102496 d2c944 102498 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102496->102498 102500 d1b2ea std::locale::_Locimp::_Locimp_ctor 105 API calls 102497->102500 102498->102418 102500->102418 102502 d2b65d __EH_prolog3_GS 102501->102502 102503 d2b6ea 102502->102503 102505 d2f3c5 messages 3 API calls 
102502->102505 102504 d2f77d collate 5 API calls 102503->102504 102506 d2b6f2 102504->102506 102507 d2b67a 102505->102507 102506->102411 102506->102412 102508 d2b6c1 102507->102508 102536 d2aaeb 66 API calls 2 library calls 102507->102536 102510 d2b6dd 102508->102510 102538 c15f30 98 API calls 3 library calls 102508->102538 102510->102503 102539 c196f0 66 API calls collate 102510->102539 102511 d2b693 102513 c15e50 messages 98 API calls 102511->102513 102515 d2b6af 102513->102515 102537 d2e604 66 API calls 3 library calls 102515->102537 102540 d435a2 102517->102540 102519 d2c6e4 102553 d1f982 14 API calls std::locale::_Locimp::~_Locimp 102519->102553 102521 d2c6f3 102554 d3b22f 14 API calls ___free_lconv_mon 102521->102554 102523 d2c6fb 102523->102472 102524->102435 102525->102434 102526->102441 102527->102447 102528->102469 102529->102485 102530->102485 102531->102497 102532->102496 102533->102451 102534->102451 102535->102470 102536->102511 102537->102508 102538->102510 102539->102503 102541 d44a1e 102540->102541 102542 d3c780 __strnicoll 75 API calls 102541->102542 102549 d44a34 codecvt 102542->102549 102543 d49b8c _Getvals 15 API calls 102543->102549 102544 d4510f 102555 d3426c 11 API calls __FrameHandler3::FrameUnwindToState 102544->102555 102546 d45119 102556 d4513a 81 API calls 3 library calls 102546->102556 102548 d45135 102548->102519 102549->102543 102549->102544 102550 d479e3 66 API calls ___std_exception_copy 102549->102550 102551 d480a0 66 API calls __Getctype 102549->102551 102552 d450f5 102549->102552 102550->102549 102551->102549 102552->102519 102553->102521 102554->102523 102555->102546 102556->102548 102557 c302e0 102558 c30460 102557->102558 102559 c3030b WinHttpConnect 102557->102559 102559->102558 102561 c30333 102559->102561 102584 c19950 102561->102584 102564 c30475 102602 d18d0e 102564->102602 102565 c3034e GetTickCount64 102566 c3036a 102565->102566 102569 c3038c WinHttpOpenRequest 102566->102569 102572 c303c6 102569->102572 102575 c30442 
WinHttpCloseHandle 102572->102575 102576 c303d5 WinHttpSendRequest 102572->102576 102579 c3043b WinHttpCloseHandle 102576->102579 102580 c303ee WinHttpReceiveResponse 102576->102580 102579->102575 102599 d1c360 102580->102599 102583 c3040c __Mtx_unlock 102583->102579 102585 c19966 102584->102585 102597 c199ac 102584->102597 102617 d2f504 6 API calls 102585->102617 102586 c19a2a 102586->102564 102586->102565 102589 c19970 102591 c1997c GetProcessHeap 102589->102591 102589->102597 102590 c199c7 102590->102586 102594 d2f37f _com_raise_error 65 API calls 102590->102594 102618 d2f37f 102591->102618 102596 c19a20 102594->102596 102623 d2f4ba EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 102596->102623 102597->102586 102622 d2f504 6 API calls 102597->102622 102681 d1c13a 102599->102681 102603 d18d19 102602->102603 102604 d3c9c9 102603->102604 102605 d18d2c 102603->102605 102702 d4d773 EnterCriticalSection LeaveCriticalSection __FrameHandler3::FrameUnwindToState 102604->102702 102701 d18d3b 66 API calls _com_raise_error 102605->102701 102608 d3c9ce 102609 d3c9d9 102608->102609 102703 d4d7b8 66 API calls 6 library calls 102608->102703 102611 d3c9e3 IsProcessorFeaturePresent 102609->102611 102612 d3ca02 102609->102612 102613 d3c9ef 102611->102613 102705 d411cf 66 API calls __FrameHandler3::FrameUnwindToState 102612->102705 102704 d34043 8 API calls 3 library calls 102613->102704 102616 d3ca0c 102617->102589 102624 d2f352 102618->102624 102621 d2f4ba EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 102621->102597 102622->102590 102623->102586 102625 d2f361 102624->102625 102626 d2f368 102624->102626 102630 d47705 102625->102630 102633 d47782 102626->102633 102629 c199a2 102629->102621 102631 d47782 _com_raise_error 66 API calls 102630->102631 102632 d47717 102631->102632 102632->102629 102636 d474ce 102633->102636 102637 d474da __FrameHandler3::FrameUnwindToState 102636->102637 102644 d42114 
EnterCriticalSection 102637->102644 102639 d474e8 102645 d47529 102639->102645 102641 d474f5 102655 d4751d LeaveCriticalSection std::_Lockit::~_Lockit 102641->102655 102643 d47506 102643->102629 102644->102639 102646 d47544 102645->102646 102651 d475b7 _com_raise_error 102645->102651 102647 d47597 102646->102647 102646->102651 102656 d41dd9 102646->102656 102648 d41dd9 _com_raise_error 66 API calls 102647->102648 102647->102651 102650 d475ad 102648->102650 102653 d48d3d ___free_lconv_mon 14 API calls 102650->102653 102651->102641 102652 d4758d 102654 d48d3d ___free_lconv_mon 14 API calls 102652->102654 102653->102651 102654->102647 102655->102643 102657 d41de6 102656->102657 102660 d41e01 102656->102660 102658 d41df2 102657->102658 102657->102660 102677 d3433d 14 API calls std::_Stofx_v2 102658->102677 102659 d41e10 102665 d4ea89 102659->102665 102660->102659 102678 d41da6 66 API calls 2 library calls 102660->102678 102664 d41df7 codecvt 102664->102652 102666 d4ea96 102665->102666 102667 d4eaa1 102665->102667 102669 d49b8c _Getvals 15 API calls 102666->102669 102668 d4eaa9 102667->102668 102675 d4eab2 _Getvals 102667->102675 102670 d48d3d ___free_lconv_mon 14 API calls 102668->102670 102673 d4ea9e 102669->102673 102670->102673 102671 d4eab7 102679 d3433d 14 API calls std::_Stofx_v2 102671->102679 102672 d4eadc RtlReAllocateHeap 102672->102673 102672->102675 102673->102664 102675->102671 102675->102672 102680 d47901 EnterCriticalSection LeaveCriticalSection messages 102675->102680 102677->102664 102678->102659 102679->102673 102680->102675 102682 d1c162 GetCurrentThreadId 102681->102682 102683 d1c19c 102681->102683 102684 d1c16d GetCurrentThreadId 102682->102684 102696 d1c188 102682->102696 102685 d1c1a0 GetCurrentThreadId 102683->102685 102686 d1c1c6 102683->102686 102684->102696 102688 d1c1af 102685->102688 102687 d1c264 GetCurrentThreadId 102686->102687 102690 d1c1e7 102686->102690 102687->102688 102689 d1c2ad GetCurrentThreadId 102688->102689 102688->102696 
102689->102696 102699 d18ed0 GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 102690->102699 102691 d2f75b _Getvals 5 API calls 102694 c30405 102691->102694 102694->102564 102694->102583 102695 d1c223 GetCurrentThreadId 102695->102688 102697 d1c1f2 __Xtime_diff_to_millis2 102695->102697 102696->102691 102697->102688 102697->102695 102697->102696 102700 d18ed0 GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 102697->102700 102699->102697 102700->102697 102702->102608 102703->102609 102704->102612 102705->102616 102706 c40fe0 102707 c19950 66 API calls 102706->102707 102708 c4101d 102707->102708 102765 d3424f 102708->102765 102770 d3418b 66 API calls _Fputc 102765->102770 102767 d3425e 102771 d3426c 11 API calls __FrameHandler3::FrameUnwindToState 102767->102771 102769 d3426b 102770->102767 102771->102769 102772 bf6b76 102773 bf6b7b 102772->102773 103108 c1a5b0 66 API calls 102773->103108 102775 bf6b90 103109 c1a1b0 102775->103109 102777 bf6bbd 102778 c19950 66 API calls 102777->102778 102779 bf6bc2 102778->102779 102788 bf6e30 102779->102788 103113 c19bc0 102779->103113 102781 bf6c19 103125 c1a5b0 66 API calls 102781->103125 102783 bf6c28 102786 c19950 66 API calls 102783->102786 102784 bf6be7 102784->102781 103141 c19e90 66 API calls 4 library calls 102784->103141 102787 bf6c3b 102786->102787 102787->102788 102790 c19bc0 66 API calls 102787->102790 102796 bf6f51 collate 102788->102796 102800 bf7585 collate 102788->102800 103144 c17420 66 API calls 3 library calls 102788->103144 102797 bf6c5d 102790->102797 102791 d3424f collate 66 API calls 102793 bf7713 102791->102793 102792 bf6c89 103126 c1a5b0 66 API calls 102792->103126 102798 c19140 66 API calls 102793->102798 102794 bf76d1 collate 102796->102800 103145 c118d0 66 API calls 3 library calls 102796->103145 102797->102792 102797->102797 103142 c19e90 66 API calls 4 library calls 102797->103142 102801 bf777c 102798->102801 
102799 bf6c98 102805 c19950 66 API calls 102799->102805 102800->102791 102800->102794 102803 c2f6d0 66 API calls 102801->102803 102806 bf7784 102803->102806 102808 bf6cab 102805->102808 102811 c19140 66 API calls 102806->102811 102807 bf6fde 102807->102800 102809 bf6fe9 102807->102809 102808->102788 102810 bf6cb5 102808->102810 103146 c1f660 107 API calls 7 library calls 102809->103146 102814 c19bc0 66 API calls 102810->102814 102812 bf77cf 102811->102812 102817 c19140 66 API calls 102812->102817 102822 bf6ccd 102814->102822 102815 bf7027 103147 c209d0 66 API calls collate 102815->103147 102816 bf6cf9 103127 c35550 102816->103127 102820 bf7815 102817->102820 102824 c2f6d0 66 API calls 102820->102824 102821 bf704f 103148 c1f5e0 66 API calls collate 102821->103148 102822->102816 103143 c19e90 66 API calls 4 library calls 102822->103143 102827 bf781d 102824->102827 102833 c19140 66 API calls 102827->102833 102828 bf705a 103149 c1f660 107 API calls 7 library calls 102828->103149 102830 c1a1b0 66 API calls 102832 bf6d40 102830->102832 102831 bf707d 103150 c209d0 66 API calls collate 102831->103150 102835 c1a1b0 66 API calls 102832->102835 102836 bf786c 102833->102836 102848 bf6d62 102835->102848 102840 c19140 66 API calls 102836->102840 102837 bf70a2 103151 c1f5e0 66 API calls collate 102837->103151 102839 bf70ad ShellExecuteW 102841 c1a1b0 66 API calls 102839->102841 102842 bf78af 102840->102842 102843 bf70d5 102841->102843 102844 c2f6d0 66 API calls 102842->102844 102845 c1a1b0 66 API calls 102843->102845 102846 bf78b7 102844->102846 102847 bf70e4 GetLastError 102845->102847 102852 c19140 66 API calls 102846->102852 102849 bf715c 102847->102849 102850 bf70f2 102847->102850 103156 c19140 102849->103156 103152 c1f660 107 API calls 7 library calls 102850->103152 102855 bf78ff 102852->102855 102854 bf70fd 103153 c209d0 66 API calls collate 102854->103153 102858 c19140 66 API calls 102855->102858 102856 bf718b 103167 c2f6d0 102856->103167 102861 bf7942 102858->102861 
102860 bf7125 103154 c1f5e0 66 API calls collate 102860->103154 102865 c2f6d0 66 API calls 102861->102865 102864 bf7130 103155 c4ca70 68 API calls 102864->103155 102868 bf794a 102865->102868 102866 c19140 66 API calls 102869 bf71b9 102866->102869 102874 c19140 66 API calls 102868->102874 102871 c2f6d0 66 API calls 102869->102871 102870 bf714d 102872 c1a1b0 66 API calls 102870->102872 102873 bf71c1 102871->102873 102872->102849 102875 c19140 66 API calls 102873->102875 102877 bf7992 102874->102877 102876 bf71e7 102875->102876 102878 c2f6d0 66 API calls 102876->102878 102880 c19140 66 API calls 102877->102880 102879 bf71ef 102878->102879 102881 c19140 66 API calls 102879->102881 102882 bf79d5 102880->102882 102883 bf7215 102881->102883 102884 c2f6d0 66 API calls 102882->102884 102886 c2f6d0 66 API calls 102883->102886 102885 bf79dd 102884->102885 102889 c19140 66 API calls 102885->102889 102887 bf721d 102886->102887 102888 c19140 66 API calls 102887->102888 102890 bf7243 102888->102890 102891 bf7a1f 102889->102891 102892 c2f6d0 66 API calls 102890->102892 102894 c19140 66 API calls 102891->102894 102893 bf724b 102892->102893 102895 c19950 66 API calls 102893->102895 102896 bf7a62 102894->102896 102900 bf7257 102895->102900 102897 c2f6d0 66 API calls 102896->102897 102898 bf7a6a 102897->102898 102902 c19140 66 API calls 102898->102902 102899 bf72ad 103187 c1b0c0 107 API calls 6 library calls 102899->103187 102900->102899 102975 bf745f 102900->102975 103186 c0fb80 66 API calls collate 102900->103186 102904 bf7ab2 102902->102904 102906 c19140 66 API calls 102904->102906 102905 bf72cf 103188 c1a080 102905->103188 102908 bf7af5 102906->102908 102910 c2f6d0 66 API calls 102908->102910 102909 bf72f3 103205 c2fbc0 102909->103205 102912 bf7afd 102910->102912 102916 c19140 66 API calls 102912->102916 102913 bf7300 102914 c1a080 66 API calls 102913->102914 102915 bf7317 102914->102915 102917 c2fbc0 67 API calls 102915->102917 102918 bf7b4c 102916->102918 102923 bf7326 
102917->102923 102919 d2f3c5 messages 3 API calls 102918->102919 102920 bf7b7f 102919->102920 103237 c194f0 66 API calls 2 library calls 102920->103237 102922 bf7baf 103238 c2f960 66 API calls 2 library calls 102922->103238 102925 c19950 66 API calls 102923->102925 102927 bf739d 102925->102927 102926 bf7bb6 103239 c194f0 66 API calls 2 library calls 102926->103239 102932 c19bc0 66 API calls 102927->102932 102927->102975 102929 bf7bd0 103240 c2f960 66 API calls 2 library calls 102929->103240 102931 bf7bd7 103241 c32760 102931->103241 102934 bf73c5 102932->102934 102935 bf73d8 102934->102935 103235 c19e90 66 API calls 4 library calls 102934->103235 102937 c19950 66 API calls 102935->102937 102938 bf73e1 102937->102938 102943 c19bc0 66 API calls 102938->102943 102938->102975 102941 bf7c30 103261 c2f960 66 API calls 2 library calls 102941->103261 102945 bf7409 102943->102945 102944 bf7c38 102946 bf7c53 102944->102946 103262 c19d20 66 API calls 4 library calls 102944->103262 102947 bf741c 102945->102947 103236 c19e90 66 API calls 4 library calls 102945->103236 102952 c19140 66 API calls 102946->102952 102950 c1a080 66 API calls 102947->102950 102951 bf7431 102950->102951 102953 c2fbc0 67 API calls 102951->102953 102955 bf7c89 102952->102955 102954 bf743e 102953->102954 102956 c1a080 66 API calls 102954->102956 103263 c0c4d0 66 API calls messages 102955->103263 102958 bf7452 102956->102958 102960 c2fbc0 67 API calls 102958->102960 102959 bf7ca8 103264 c193a0 66 API calls 2 library calls 102959->103264 102960->102975 102962 bf7cc8 102963 bf7cfc collate 102962->102963 102964 bf8771 102962->102964 103265 c194f0 66 API calls 2 library calls 102963->103265 102965 d3424f collate 66 API calls 102964->102965 102967 bf878a 102965->102967 103320 c0ffb0 66 API calls collate 102967->103320 102968 bf7d71 103266 c2f960 66 API calls 2 library calls 102968->103266 102970 bf7d78 103267 c194f0 66 API calls 2 library calls 102970->103267 102973 bf7d92 103268 c2f960 66 API calls 2 library 

Control-flow Graph

APIs
• WinHttpConnect.WINHTTP(?,?,000001BB,00000000,?,?,?,?,?,00D5EBDD,000000FF), ref: 00C30322
• GetTickCount64.KERNEL32 ref: 00C3035B
• WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00800000), ref: 00C303A6
• WinHttpSendRequest.WINHTTP(?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C303E2
• WinHttpReceiveResponse.WINHTTP(?,00000000), ref: 00C303F1
• __Mtx_unlock.LIBCPMT ref: 00C30433
• WinHttpCloseHandle.WINHTTP(?), ref: 00C3043C
• WinHttpCloseHandle.WINHTTP(?), ref: 00C30445
Strings
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: Http$CloseHandleRequest$ConnectCount64Mtx_unlockOpenReceiveResponseSendTick
• String ID: GET
• API String ID: 3312625477-1805413626
• Opcode ID: 84c82d36fd9b7d2e692c17de6dbb0496b82032bfdbbbfe5325461ef9af9e70ae
• Instruction ID: 293b856f451ece25fbf8bd3be471543e57c824edc36d755fa4e66b1b98f3fadb
• Opcode Fuzzy Hash: 84c82d36fd9b7d2e692c17de6dbb0496b82032bfdbbbfe5325461ef9af9e70ae
• Instruction Fuzzy Hash: CB51BE72600B05AFDB20DF64DC55B6AB7B4FF04324F108629EA2697691DB71F950CBA0
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00C4199D
                                                                                                                                                                                                                                                                                                      • invalid_parameters, xrefs: 00C418A3
                                                                                                                                                                                                                                                                                                      • CurrentBuild, xrefs: 00C41941
                                                                                                                                                                                                                                                                                                      • SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, xrefs: 00C419CB
                                                                                                                                                                                                                                                                                                      • BuildNumber, xrefs: 00C4196F
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer$HeapProcess
                                                                                                                                                                                                                                                                                                      • String ID: BuildNumber$CurrentBuild$SOFTWARE\Microsoft\Windows NT\CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon$invalid_parameters
                                                                                                                                                                                                                                                                                                      • API String ID: 275895251-2804835013
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D24EE9
                                                                                                                                                                                                                                                                                                      • ctype.LIBCPMT ref: 00D24F30
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D24A44: __Getctype.LIBCPMT ref: 00D24A53
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1ED5B: __EH_prolog3.LIBCMT ref: 00D1ED62
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1ED5B: std::_Lockit::_Lockit.LIBCPMT ref: 00D1ED6C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1ED5B: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EDDD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EE85: __EH_prolog3.LIBCMT ref: 00D1EE8C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EE85: std::_Lockit::_Lockit.LIBCPMT ref: 00D1EE96
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EE85: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EF07
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F044: __EH_prolog3.LIBCMT ref: 00D1F04B
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F044: std::_Lockit::_Lockit.LIBCPMT ref: 00D1F055
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F044: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F0C6
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EFAF: __EH_prolog3.LIBCMT ref: 00D1EFB6
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EFAF: std::_Lockit::_Lockit.LIBCPMT ref: 00D1EFC0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EFAF: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F031
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: __EH_prolog3.LIBCMT ref: 00D1B2F1
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: std::_Lockit::_Lockit.LIBCPMT ref: 00D1B2FB
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1B3A2
                                                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00D25064
                                                                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 00D252DE
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F7A9: __EH_prolog3.LIBCMT ref: 00D1F7B0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F457: __EH_prolog3.LIBCMT ref: 00D1F45E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F457: std::_Lockit::_Lockit.LIBCPMT ref: 00D1F468
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F457: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F4D9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F581: __EH_prolog3.LIBCMT ref: 00D1F588
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F581: std::_Lockit::_Lockit.LIBCPMT ref: 00D1F592
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F581: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F603
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: Concurrency::cancel_current_task.LIBCPMT ref: 00D1B3AD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: __EH_prolog3.LIBCMT ref: 00D1B3BA
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E9DD: __EH_prolog3.LIBCMT ref: 00D1E9E4
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E9DD: std::_Lockit::_Lockit.LIBCPMT ref: 00D1E9EE
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E9DD: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EA5F
                                                                                                                                                                                                                                                                                                      • __Getcoll.LIBCPMT ref: 00D250A4
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 00D2538F
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypecodecvtcollatectypenumpunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 281747047-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1B2F1
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1B2FB
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1B3A2
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00D1B3AD
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1B3BA
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 845066630-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                      control_flow_graph 411 d2c701-d2c72a call d2f78c call d2b651 416 d2c788-d2c78e 411->416 417 d2c72c-d2c738 call c15c40 411->417 419 d2c790-d2c79e call c15c40 416->419 420 d2c7dd-d2c7e0 416->420 425 d2c775-d2c785 call d2b0a2 call d1b2ea 417->425 426 d2c73a-d2c74c call d2f3c5 417->426 434 d2c7a0-d2c7ad call d2f3c5 419->434 435 d2c7c9-d2c7d7 call d2b137 call d1b2ea 419->435 423 d2c952-d2c955 420->423 424 d2c7e6-d2c7f5 call c15c40 420->424 427 d2ca07-d2ca0c call d2f769 423->427 428 d2c95b-d2c969 call c15c40 423->428 442 d2c7f7-d2c804 call d2f3c5 424->442 443 d2c815-d2c81b call d2b1cc 424->443 425->416 446 d2c764 426->446 447 d2c74e-d2c762 call d2e604 426->447 448 d2c996-d2c99c call d2b420 428->448 449 d2c96b-d2c97f call d2f3c5 428->449 459 d2c7ba 434->459 460 d2c7af-d2c7b8 434->460 476 d2c7da 435->476 470 d2c811-d2c813 442->470 471 d2c806-d2c80f 442->471 473 d2c81c-d2c83a call d1b2ea call c15c40 443->473 461 d2c766-d2c773 call d1b2ea 446->461 447->461 474 d2c99d-d2c9b6 call d1b2ea call c15c40 448->474 477 d2c981-d2c98c call d2b54a 449->477 478 d2c98e 449->478 468 d2c7bc-d2c7c7 call d1b2ea 459->468 460->468 461->416 468->476 470->473 471->473 492 d2c85a-d2c860 call d2b261 473->492 493 d2c83c-d2c849 call d2f3c5 473->493 494 d2c9f4-d2ca04 call d2b4b5 call d1b2ea 474->494 495 d2c9b8-d2c9c9 call d2f3c5 474->495 476->420 484 d2c990-d2c994 477->484 478->484 484->474 506 d2c861-d2c87d call d1b2ea call c15c40 492->506 504 d2c856-d2c858 493->504 505 d2c84b-d2c854 493->505 494->427 508 d2c9e5 495->508 509 d2c9cb-d2c9de call d2c6d8 495->509 504->506 505->506 520 d2c8c4-d2c8cb call d2b38b 506->520 521 d2c87f-d2c895 call d2f3c5 506->521 513 d2c9e7-d2c9f2 call d1b2ea 508->513 515 d2c9e3 509->515 
513->427 515->513 528 d2c8cd-d2c8e6 call d1b2ea call c15c40 520->528 526 d2c897-d2c8ba call d2c5d5 521->526 527 d2c8bc 521->527 530 d2c8be-d2c8c2 526->530 527->530 536 d2c8e8-d2c901 call d2f3c5 528->536 537 d2c93c-d2c94c call d2b2f6 call d1b2ea 528->537 530->528 542 d2c903-d2c925 call d2c5d5 536->542 543 d2c927 536->543 548 d2c94f 537->548 546 d2c929-d2c93a call d1b2ea 542->546 543->546 546->548 548->423
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2C708
                                                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00D2C714
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D2B651: __EH_prolog3_GS.LIBCMT ref: 00D2B658
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D2B651: __Getcoll.LIBCPMT ref: 00D2B6BC
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • __Getcoll.LIBCPMT ref: 00D2C757
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D2B4B5: __EH_prolog3.LIBCMT ref: 00D2B4BC
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D2B4B5: std::_Lockit::_Lockit.LIBCPMT ref: 00D2B4C6
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D2B4B5: std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B537
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: __EH_prolog3.LIBCMT ref: 00D1B2F1
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: std::_Lockit::_Lockit.LIBCPMT ref: 00D1B2FB
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1B3A2
                                                                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 00D2C987
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_$Getcoll$H_prolog3_collatenumpunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 613342304-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                                                      control_flow_graph 552 c329e0-c32a01 RegCreateKeyW 553 c32a03-c32a21 RegQueryValueExW 552->553 554 c32a29 552->554 555 c32a23 RegCloseKey 553->555 556 c32a6a-c32a72 RegCloseKey 553->556 557 c32a2b-c32a3f 554->557 555->554 556->557 558 c32a41-c32a44 557->558 559 c32a49-c32a58 557->559 558->559 560 c32a62-c32a69 559->560 561 c32a5a-c32a5d 559->561 561->560
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegCreateKeyW.ADVAPI32(80000001,?,?), ref: 00C329F9
                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000004), ref: 00C32A15
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00C32A23
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00C32A6A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Close$CreateQueryValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2495337196-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 02f8f4e840b0618635bf40aa98b8c8dec7a29ceec2565f7d29b456d6ddc162fe
                                                                                                                                                                                                                                                                                                      • Instruction ID: 75448439f70ff7160323b220a477c47e12acbedec57e56b1eb0ec0fb63f0a5e5
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02f8f4e840b0618635bf40aa98b8c8dec7a29ceec2565f7d29b456d6ddc162fe
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4F119A71204202AFD7208F28DC48B16BBE8EF95725F148629F864C62A1E734DC04DFA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 562 d3cc0a-d3cc15 563 d3cc17-d3cc2b call d3433d call d3423f 562->563 564 d3cc2c-d3cc42 call d3cbba 562->564 569 d3cc72 564->569 570 d3cc44-d3cc63 CreateThread 564->570 574 d3cc75-d3cc82 call d3cb2c 569->574 572 d3cc83-d3cc90 ResumeThread 570->572 573 d3cc65-d3cc71 GetLastError call d342e3 570->573 572->573 578 d3cc92-d3cc96 572->578 573->569 578->574
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,?,Function_0014CA2E,00000000,00000004,00000000), ref: 00D3CC59
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,76230F00), ref: 00D3CC65
                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00D3CC6C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2744730728-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: fd695d3a4b50f885acf32c5fa4414816134e1124f679144647347632e512cf32
                                                                                                                                                                                                                                                                                                      • Instruction ID: b91913b46525495c92a866dc9a2b9b0f1b5de5835db86c151acdbaf15ac5d2b5
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd695d3a4b50f885acf32c5fa4414816134e1124f679144647347632e512cf32
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F301F576920304BFDB10ABA4DC06B9FBA69DF817B1F246214F529E61D0DBB0C941D770
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 581 c32760-c32796 call c19950 584 c328de-c328e3 call c1a050 581->584 585 c3279c-c327c6 RegCreateKeyW 581->585 588 c328e8-c328ed call c1a050 584->588 589 c32847-c32850 call c19950 585->589 590 c327c8-c327cd 585->590 593 c328f2-c328ff call c1a050 588->593 589->593 599 c32856-c32872 call c19bc0 589->599 590->588 592 c327d3-c327e2 590->592 595 c327f0-c32815 RegQueryValueExW call d34939 592->595 596 c327e4-c327ed call c19e20 592->596 595->588 606 c3281b-c3281e 595->606 596->595 611 c32882-c3288f 599->611 612 c32874-c3287d call c19e90 599->612 606->588 608 c32824-c3283b RegCloseKey call c1a080 606->608 613 c32840-c32845 608->613 615 c32891-c32894 611->615 616 c32899-c328a9 611->616 612->611 613->611 615->616 617 c328b3-c328c1 616->617 618 c328ab-c328ae 616->618 619 c328c3-c328c6 617->619 620 c328cb-c328dd 617->620 618->617 619->620
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: GetProcessHeap.KERNEL32 ref: 00C1997C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C199A7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C19A25
                                                                                                                                                                                                                                                                                                      • RegCreateKeyW.ADVAPI32(?,000000FF,?), ref: 00C327BE
                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.KERNELBASE(?,?,00000000,00001000,00000010,00001000), ref: 00C32801
                                                                                                                                                                                                                                                                                                      • RegCloseKey.KERNELBASE(?), ref: 00C32830
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer$CloseCreateHeapProcessQueryValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 294029406-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 93fa9607c366ed948e0b00488463e4c777d0a321008190eff2ee2d58ccd645c6
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0a581b1f875edcf02f4c01b3fa04296f31c3aa17ef9f8b0244b63078a1329faa
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93fa9607c366ed948e0b00488463e4c777d0a321008190eff2ee2d58ccd645c6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3B51B031A00606EFDB14DF68CC45BAEFBB5FF45310F008129E919EB291DB309940DBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 621 c1efb0-c1f078 call d190ee call d2f3c5 call c2b210 call d19250 629 c1f07d-c1f08a 621->629 630 c1f0bc-c1f0d8 call d1b2ea 629->630 631 c1f08c-c1f09c call d1935d 629->631 638 c1f122-c1f127 630->638 639 c1f0da-c1f0dc 630->639 636 c1f0ae-c1f0b6 call d193b5 631->636 637 c1f09e-c1f0a9 631->637 636->630 637->636 641 c1f146-c1f151 638->641 642 c1f129-c1f132 638->642 643 c1f0e7-c1f0ee 639->643 644 c1f0de-c1f0e4 call d3b22f 639->644 655 c1f153-c1f157 641->655 656 c1f15b-c1f176 641->656 652 c1f134-c1f138 642->652 653 c1f13c-c1f141 642->653 647 c1f0f3-c1f0f7 643->647 644->643 647->647 650 c1f0f9-c1f10e call d3b224 647->650 658 c1f110-c1f11c call d30b90 650->658 659 c1f11f 650->659 652->653 653->641 655->656 658->659 659->638
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D190EE: __EH_prolog3.LIBCMT ref: 00D190F5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D190EE: std::_Lockit::_Lockit.LIBCPMT ref: 00D19100
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D190EE: std::locale::_Setgloballocale.LIBCPMT ref: 00D1911B
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D190EE: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1916E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C2B210: std::_Lockit::_Lockit.LIBCPMT ref: 00C2B24A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C2B210: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C2B292
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C2B210: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C2B2C7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C2B210: std::_Lockit::~_Lockit.LIBCPMT ref: 00C2B35C
                                                                                                                                                                                                                                                                                                      • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00C1F078
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D19250: __EH_prolog3.LIBCMT ref: 00D19257
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D19250: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D19275
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C1F090
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C1F0B1
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_std::locale::_$H_prolog3LocimpLocimp::_Locinfo::_$Locinfo_ctorLocinfo_dtorNew_Setgloballocale
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1518915079-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 0023e17edcf146a00ec75ba41499ff7c4f9a776d856a706f3e391a4e9b02356b
                                                                                                                                                                                                                                                                                                      • Instruction ID: ea480a16baad44dd88b4acfaecee602d3d8d9ec4e724aedd104a23dc26944e29
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0023e17edcf146a00ec75ba41499ff7c4f9a776d856a706f3e391a4e9b02356b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C510FB0900B01EFD720DF69C85476AFBF0EF55310F14422DE46A97791EBB1AA84CBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000002,?,00D410D0,00D3CA0C,00D3CA0C,?,00000002,5156ADB2,00D3CA0C,00000002), ref: 00D410E7
                                                                                                                                                                                                                                                                                                      • TerminateProcess.KERNEL32(00000000,?,00D410D0,00D3CA0C,00D3CA0C,?,00000002,5156ADB2,00D3CA0C,00000002), ref: 00D410EE
                                                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 00D41100
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 1254d26dad72760f5a3a814a7fae776dc9e1eda2ffdcd927559d0a6152fff546
                                                                                                                                                                                                                                                                                                      • Instruction ID: c25fd1b5dfcadb2da66e5fc18a9d4570bc53c0ed309c37f6cb4efb3e7c39b5de
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1254d26dad72760f5a3a814a7fae776dc9e1eda2ffdcd927559d0a6152fff546
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80D09235000308BBCF116F60DC0E9893F2AEF44381B048024FA19DA232CFB6D992DAB4
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00D99760,0000000C), ref: 00D3CA41
                                                                                                                                                                                                                                                                                                      • ExitThread.KERNEL32 ref: 00D3CA48
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1611280651-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: c1b4f396caea7ca17fc48e4212166a2bbff683d74a16ab1cc81ada3aaa1ffd3b
                                                                                                                                                                                                                                                                                                      • Instruction ID: 78f56a83f147a2262cc219c8b55fd23b60091470c130a96b1aed132fa94cba32
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1b4f396caea7ca17fc48e4212166a2bbff683d74a16ab1cc81ada3aaa1ffd3b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94F04F71A50204AFDB05EFB0E856B6D7B75FF05711F204159F102A73A2DBB1A901CBB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000003,00000000,000000FF,000000FF,00000000,00000000,?,000000FF,?,00C1FD6E,000000FF,000000FF,?,00000000,00D5C9D5,000000FF), ref: 00C18FD8
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000003,00000000,000000FF,000000FF,00000000,-00000001,?,000000FF,?,00C1FD6E,000000FF,000000FF,?,00000000,00D5C9D5,000000FF), ref: 00C1900A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 626452242-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 714 d4ea89-d4ea94 715 d4ea96-d4ea9f call d49b8c 714->715 716 d4eaa1-d4eaa7 714->716 724 d4eac5-d4eac7 715->724 717 d4eab2-d4eab5 716->717 718 d4eaa9-d4eab0 call d48d3d 716->718 722 d4eab7-d4eabc call d3433d 717->722 723 d4eadc-d4eaee RtlReAllocateHeap 717->723 730 d4eac2 718->730 722->730 725 d4eaf0 723->725 726 d4eac8-d4eacf call d47437 723->726 729 d4eac4 725->729 726->722 734 d4ead1-d4eada call d47901 726->734 729->724 730->729 734->722 734->723
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D49B8C: RtlAllocateHeap.NTDLL(00000000,00D51B68,4D88C033,?,00D51B68,00000220,?,00D483A8,4D88C033), ref: 00D49BBE
                                                                                                                                                                                                                                                                                                      • RtlReAllocateHeap.NTDLL(00000000,00000000,?,00D477B3,00000000,?,00D41E22,00000000,00D477B3,?,?,?,?,00D475AD,?,?), ref: 00D4EAE6
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 737 d48fbd-d48fc8 738 d48fd6-d48fdc 737->738 739 d48fca-d48fd4 737->739 741 d48ff5-d49006 RtlAllocateHeap 738->741 742 d48fde-d48fdf 738->742 739->738 740 d4900a-d49015 call d3433d 739->740 746 d49017-d49019 740->746 744 d48fe1-d48fe8 call d47437 741->744 745 d49008 741->745 742->741 744->740 750 d48fea-d48ff3 call d47901 744->750 745->746 750->740 750->741
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000008,?,?,?,00D47E02,00000001,00000364,?,00000006,000000FF,?,00D3CA53,00D99760,0000000C), ref: 00D48FFE
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      control_flow_graph 753 d49b8c-d49b98 754 d49bca-d49bd5 call d3433d 753->754 755 d49b9a-d49b9c 753->755 762 d49bd7-d49bd9 754->762 757 d49bb5-d49bc6 RtlAllocateHeap 755->757 758 d49b9e-d49b9f 755->758 759 d49ba1-d49ba8 call d47437 757->759 760 d49bc8 757->760 758->757 759->754 765 d49baa-d49bb3 call d47901 759->765 760->762 765->754 765->757
                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00D51B68,4D88C033,?,00D51B68,00000220,?,00D483A8,4D88C033), ref: 00D49BBE
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 8a1a56064701ecb672fb885eddd274a152bf0080bb47104229fb6707abe3cf8d
                                                                                                                                                                                                                                                                                                      • Instruction ID: 84913a12fd0233360f1feba8f0d7f47cc62860a8c9c7e69535262f6a7f128775
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a1a56064701ecb672fb885eddd274a152bf0080bb47104229fb6707abe3cf8d
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6E0923124536567D7212767BCA1BAFBA4CEF427B0F190128ED59E66D0CBA0DC0189F5
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: H_prolog3
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f53502254d675cfdafa40a02f2f6c63960926800b20255cd45e0c527ddca0706
                                                                                                                                                                                                                                                                                                      • Instruction ID: eb27b2d7ab4488a38ae2e5beb38eb94369988cb34758029397a0b472f9bff607
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f53502254d675cfdafa40a02f2f6c63960926800b20255cd45e0c527ddca0706
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7E01275400249ABEF118F50E846BEE3760EB08368F1C8015FD106B281CB349E80CBB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,00000000,00000000,?,?), ref: 00C330FE
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,00000000,00000000,?,?,?,?), ref: 00C3323E
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 00C3337E
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,?,?,?,?,?,?,?,?), ref: 00C333C6
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D3126A: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,?,00D18A5C,?,00D98170,?,?,main,00000004), ref: 00D312CA
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C296C0: ___std_exception_copy.LIBVCRUNTIME ref: 00C29840
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C296C0: ___std_exception_copy.LIBVCRUNTIME ref: 00C298CD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C296C0: ___std_exception_copy.LIBVCRUNTIME ref: 00C298F4
                                                                                                                                                                                                                                                                                                      • CoInitializeEx.OLE32(00000000,00000006,00000000), ref: 00C3381F
                                                                                                                                                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,00000010,00000010,00000000,00000000), ref: 00C33E38
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000008,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 00C33F4C
                                                                                                                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 00C34187
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19BC0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,00000000,00C19FE7,?,?,00000000,00D5D0DD,000000FF,?,80070057,?,00000000), ref: 00C19BF8
                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00D7BF90), ref: 00C3444F
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,00D7BF90), ref: 00C3445E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: GetProcessHeap.KERNEL32 ref: 00C1997C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C199A7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C19A25
                                                                                                                                                                                                                                                                                                      • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,?,?,?,00D7BF90,?,?,?,?,?,?,?,?,00D7BF90), ref: 00C34658
                                                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(?,?,?,?,00D7BF90,?,?,?,?,?,?,?,?,00D7BF90), ref: 00C34671
                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,00000010,?,?,?,?,?,?,?,?,?,?,{"app":{"start_menu":{"app_status":{"name":"%ws","status":"%ws"}}}},00000043), ref: 00C34AC0
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000010,?,?,?,?,?,?,?,?,?,?,{"app":{"start_menu":{"app_status":{"name":"%ws","status":"%ws"}}}},00000043), ref: 00C34ACE
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000008,?,?,?,?,?,?,?,?,?,?,?,00000004), ref: 00C34EFE
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Sleep$ErrorFileLast___std_exception_copy$Init_thread_footer$AttributesCloseDeleteDownloadEnvironmentExceptionExecuteExpandFindHandleHeapInitializeObjectProcessRaiseResourceShellSingleStringsWait
                                                                                                                                                                                                                                                                                                      • String ID: %5D=$An error occurred during the installation.$Installer Information$cannot use key() for non-object iterators$delete_error$delete_success$dl_error$dl_error=%d&oid=%d$dl_start$dl_successful$entryApp$exec_error$exec_exit_code=%d&oid=%d$exec_successful$filePath$https://pcapp.store/dl_cta_open.php?guid=%ws&oid=%lu$installed$name$none$oid$oid=%d$oid=%d&link=%ws$params$product$s%5B$url${"app": {"notifications": {"offerIsOpen": false}}}${"app":{"offer": {"offerInfo":{"oid":0,"otype":""}},"hide_window":"offer"}}${"app":{"start_menu":{"app_status":{"name":"%ws","status":"%ws"}}}}
                                                                                                                                                                                                                                                                                                      • API String ID: 150681742-2663665731
                                                                                                                                                                                                                                                                                                      • Opcode ID: c9860817e4153e70f1a39c24a6cba5f34ef4e1c5471f46da6459bd8f5a00c783
                                                                                                                                                                                                                                                                                                      • Instruction ID: d9577094dea68682fee4bf1bf21b7276a400922a46c57063cce5c7e1c61d9006
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9860817e4153e70f1a39c24a6cba5f34ef4e1c5471f46da6459bd8f5a00c783
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E53E270A00649CFDB04DFA8C855BAEF7B1EF45314F24829CE415AB292EB709E45DBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: GetProcessHeap.KERNEL32 ref: 00C1997C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C199A7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C19A25
                                                                                                                                                                                                                                                                                                      • GetTickCount64.KERNEL32 ref: 00BF93D4
                                                                                                                                                                                                                                                                                                      • URLDownloadToFileW.URLMON(00000000,?,?,00000000,00000000), ref: 00BF9579
                                                                                                                                                                                                                                                                                                      • __Mtx_unlock.LIBCPMT ref: 00BF9EB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C32900: RegCreateKeyW.ADVAPI32(?,80004005,80004005), ref: 00C3292A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C32900: RegSetKeyValueW.ADVAPI32(80004005,00000000,?,00000001,00D7304C,0065006D,?,80004005,80004005,?,?,?,00000000,00D5EEAD,000000FF), ref: 00C3295C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C32900: RegCloseKey.ADVAPI32(80004005,?,80004005,80004005,?,?,?,00000000,00D5EEAD,000000FF,?,80004005,80070057,80004005,00D7304C), ref: 00C32969
                                                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?,00D7BF90), ref: 00BFA4AF
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FileInit_thread_footer$CloseCount64CreateDeleteDownloadHeapMtx_unlockProcessTickValue
                                                                                                                                                                                                                                                                                                      • String ID: %ws%ws%ws%d%ws%d%ws%ws%ws%llu$%ws\%ws$&end_v=$&lastid=$&lasttime=$&nocache=$LastID$LastTime$contextual_offer$fa.xml$file_error$https://pcapp.store/notify_app_v2.php?guid=$invalid stoll argument$last_id=%d$periodical$periodical_offer$product$stoll argument out of range${"app": {"notifications": {"offerIsOpen": true}}}${"app":{"offer":{"offerInfo":{"oid":%d,"otype":"periodical"}},"show_window":"offer"}}
                                                                                                                                                                                                                                                                                                      • API String ID: 3480342150-1993266478
                                                                                                                                                                                                                                                                                                      • Opcode ID: b39b1df1e14d9015582ecee1068ae05061f29115c7eaf9890a3730e0dfcb8d38
                                                                                                                                                                                                                                                                                                      • Instruction ID: 51fd868f9ec30e6dd6d4b6edbf63daf29f5ac2d48fdb9e1a9e1f07f7e0003da6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b39b1df1e14d9015582ecee1068ae05061f29115c7eaf9890a3730e0dfcb8d38
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4923E4709006099FDB04DF68C855BADF7F1EF55314F2482ACE419AB2A2EB709E85CF91
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FindResourceW.KERNEL32(00000000,?,PNG,?,00000000,?,00000000,00C06DEC), ref: 00C4B0BF
                                                                                                                                                                                                                                                                                                      • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,00000000,00C06DEC), ref: 00C4B0CA
                                                                                                                                                                                                                                                                                                      • LockResource.KERNEL32(00000000,?,00000000,?,00000000,00C06DEC), ref: 00C4B0D1
                                                                                                                                                                                                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000,?,00000000,?,00000000,00C06DEC), ref: 00C4B0DC
                                                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,00000000,?,00000000,00C06DEC), ref: 00C4B0E7
                                                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000,?,00000000,?,00000000,00C06DEC), ref: 00C4B0F0
                                                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00C4B102
                                                                                                                                                                                                                                                                                                      • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00C4B110
                                                                                                                                                                                                                                                                                                      • GdipAlloc.GDIPLUS(00000010), ref: 00C4B11E
                                                                                                                                                                                                                                                                                                      • GdipCreateBitmapFromStreamICM.GDIPLUS ref: 00C4B144
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00C4B150
                                                                                                                                                                                                                                                                                                      • GdipAlloc.GDIPLUS(00000010), ref: 00C4B158
                                                                                                                                                                                                                                                                                                      • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00C4B178
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: GdipGlobalResource$AllocCreateStream$BitmapFromLock$ErrorFindLastLoadSizeofUnlock
                                                                                                                                                                                                                                                                                                      • String ID: PNG
                                                                                                                                                                                                                                                                                                      • API String ID: 311266032-364855578
                                                                                                                                                                                                                                                                                                      • Opcode ID: ade7886f50f4d0e73657a184554c9741af1e47d5ec6df48008e76a758764dd97
                                                                                                                                                                                                                                                                                                      • Instruction ID: ce17ab06597acdc75a54423d67a892689c5be5683c0549a3e129c5adc81d8ced
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ade7886f50f4d0e73657a184554c9741af1e47d5ec6df48008e76a758764dd97
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D02107B2505311AFD7109F65EC58A5BBBE8EF88B65F008829F54AD7350DAB0D8048BB5
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SetWindowsHookExW.USER32(0000000D,00C54980,00000000,00000000), ref: 00C54DD8
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: SystemParametersInfoW.USER32(00000030,00000000,00000000,00000000), ref: 00C550CD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetSystemMetrics.USER32(00000000), ref: 00C550DB
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetSystemMetrics.USER32(00000001), ref: 00C550E1
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetWindowRect.USER32(?), ref: 00C5511D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetCursorPos.USER32(00000000), ref: 00C55190
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: MonitorFromPoint.USER32(?,?,00000002), ref: 00C551A0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetMonitorInfoA.USER32(00000000,?), ref: 00C551B8
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: SetRect.USER32(?,?,?,?,?), ref: 00C551D7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: WindowFromPoint.USER32(?,?), ref: 00C551EB
                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(?,?,00000100), ref: 00C54E05
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000001), ref: 00C54E65
                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00C54E84
                                                                                                                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00C54F8F
                                                                                                                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00C54FA0
                                                                                                                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00C54FAD
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(00000001,00000000,?,00000020,?), ref: 00C54FC9
                                                                                                                                                                                                                                                                                                      • UnhookWindowsHookEx.USER32(?), ref: 00C54FE1
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Window$MessageRectSystem$FromHookInfoMetricsMonitorPointSleepWindows$CursorDispatchParametersPeekTextTranslateUnhook
                                                                                                                                                                                                                                                                                                      • String ID: :%d}}}$link=$menu_search$open_link
                                                                                                                                                                                                                                                                                                      • API String ID: 2661723790-659656051
                                                                                                                                                                                                                                                                                                      • Opcode ID: 72764bacc6ef15c9468b7d94426fa98277b98aecdda1cf8ec7977a0344296361
                                                                                                                                                                                                                                                                                                      • Instruction ID: c83e17d84ddc31de737f9aaef2fb86912aa8752ff9872e3429fe24849400a422
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72764bacc6ef15c9468b7d94426fa98277b98aecdda1cf8ec7977a0344296361
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 30D1B170A007059FDB14DFA8CC45B9EB7B4FF45314F148258F815AB2A2EB71AAC5CBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetErrorInfo.OLEAUT32(00000000,00000000,?,?,?,00000000,00D5EC30,000000FF), ref: 00C30F2C
                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00C30FA1
                                                                                                                                                                                                                                                                                                      • SysStringLen.OLEAUT32(00000000), ref: 00C31010
                                                                                                                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException,?,?,?,00000000), ref: 00C31073
                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00C31079
                                                                                                                                                                                                                                                                                                      • GetErrorInfo.OLEAUT32(00000000,000000FF,?,?,?,00000000), ref: 00C310A0
                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(-000000FF,00000000), ref: 00C3111F
                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,-000000FF,00000000), ref: 00C31125
                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00C31132
                                                                                                                                                                                                                                                                                                      • SetErrorInfo.OLEAUT32(00000000,00000000,?,?,00000000), ref: 00C3119C
                                                                                                                                                                                                                                                                                                      • SetErrorInfo.OLEAUT32(00000000,00000000), ref: 00C311BB
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorInfo$FreeString$Heap$AddressLibraryLoadProcProcess
                                                                                                                                                                                                                                                                                                      • String ID: RoOriginateLanguageException$combase.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 580611232-3996158991
                                                                                                                                                                                                                                                                                                      • Opcode ID: b856f537f9d5afc49bd8e1754bbb60b7fe98bbfeb85d611ce0f4f9472e8ecb33
                                                                                                                                                                                                                                                                                                      • Instruction ID: 87d94b49afc4c61eeafdb5d4b860d50b4726b3ef467b2d98d70b21f34d99d92e
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b856f537f9d5afc49bd8e1754bbb60b7fe98bbfeb85d611ce0f4f9472e8ecb33
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71919D72A102059FDF24DFA9C851BFFB7B8EF44711F284529E915A7281DB70AA40CBB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C06260
                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?), ref: 00C06270
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C067D0: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C067E5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C067D0: GetSystemMetrics.USER32(00000000), ref: 00C067F3
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C067D0: GetSystemMetrics.USER32(00000001), ref: 00C067F9
                                                                                                                                                                                                                                                                                                      • WindowFromPoint.USER32(?,?), ref: 00C06330
                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00D668B0,00000000,00000017,00D7BC44,00000000), ref: 00C0647D
                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00C064FE
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • LauncherFrameXAMLWindow, xrefs: 00C063E8
                                                                                                                                                                                                                                                                                                      • SplitViewFrameXAMLWindow, xrefs: 00C0634D
                                                                                                                                                                                                                                                                                                      Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: System$InfoMetricsParametersWindow$ClearCreateFromInstancePointRectVariant
                                                                                                                                                                                                                                                                                                      • String ID: LauncherFrameXAMLWindow$SplitViewFrameXAMLWindow
                                                                                                                                                                                                                                                                                                      • API String ID: 79650018-4056084508
                                                                                                                                                                                                                                                                                                      • Opcode ID: bd61260c7c5a8868fec306d0d89e515ed14052b3a0c0135e8b1ab8ba946acb91
                                                                                                                                                                                                                                                                                                      • Instruction ID: abc8d9013d5ed5dfe90184b71c7285b4954ce142f8fe4501872c96f235759ef5
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bd61260c7c5a8868fec306d0d89e515ed14052b3a0c0135e8b1ab8ba946acb91
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6902D430A00209DFDB04DF68C855BEEB7B5FF95314F248298E815AB2D1EB71AE55CB90
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,00D54964,00000002,00000000,?,?,?,00D54964,?,00000000), ref: 00D546EB
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20001004,00D54964,00000002,00000000,?,?,?,00D54964,?,00000000), ref: 00D54714
                                                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,00D54964,?,00000000), ref: 00D54729
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                      • String ID: ACP$OCP
                                                                                                                                                                                                                                                                                                      • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7852f4390f5a94b3d5f83862637123233fe849e5d330026f4880dc8fd610e849
                                                                                                                                                                                                                                                                                                      • Instruction ID: 93a3b4f7dddecf4967556d5ec8a6073e4e38ebef5ac0ddf904cf9744539d0df6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7852f4390f5a94b3d5f83862637123233fe849e5d330026f4880dc8fd610e849
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E621A122A04201A7DF34CB14C900BE773A6EB5AB5FB5A4064ED4AD7214E772DDC8C7B2
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D02693
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D026B3
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D026D6
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D026F4
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D0270F
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 885266447-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: bf9ebe5120d42292c64b2f5908d7fa3c488694f409f8ff4c6ab0aec00ea7db4d
                                                                                                                                                                                                                                                                                                      • Instruction ID: e7daba88d7a03eb58d571edc7b902bc130a0a7ada52c7038cb4061e161242b54
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf9ebe5120d42292c64b2f5908d7fa3c488694f409f8ff4c6ab0aec00ea7db4d
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE919D717057129FD7148F399D587A6FBE8BF89714F084229E858C7290EB70D908CBB5
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00D54936
                                                                                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000), ref: 00D54974
                                                                                                                                                                                                                                                                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 00D54987
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00D549CF
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00D549EA
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 415426439-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 24269201bca1d2c22928d7f83776c223a7f62693c0deace10568210145d7f00e
                                                                                                                                                                                                                                                                                                      • Instruction ID: 9db8c08b92f9bb7a3f71ddbdd880b9c0200ebfe3fa856f451790fa0af0fad00d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24269201bca1d2c22928d7f83776c223a7f62693c0deace10568210145d7f00e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8F515F72A00205ABDF10DFA5DC45ABB77B8FF0970AF084469ED54E7191E770DA888B72
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000,00000000,00000000,0000000C,00000000,00000000,00D5A990,000000FF,?,00C31193), ref: 00C30BA3
                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,00001300,00000000,?,00000400,?,00000000,00000000,00000000,00000000,0000000C,00000000,00000000,00D5A990,000000FF), ref: 00C30BF4
                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,00000000,00001300,00000000,?,00000400,?,00000000,00000000,00000000,00000000,0000000C,00000000,00000000,00D5A990), ref: 00C30BFA
                                                                                                                                                                                                                                                                                                      • GetProcessHeap.KERNEL32(00000000,-00000002,00000000,00000000,00000000,?,00000000,00D5A990,000000FF,?,00D9A3D8,00D9A380,?,00D9A3D8,length,-00000002), ref: 00C30C28
                                                                                                                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,-00000002,00000000,00000000,00000000,?,00000000,00D5A990,000000FF,?,00D9A3D8,00D9A380,?,00D9A3D8,length), ref: 00C30C2E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Heap$FreeProcess$FormatMessage
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1606019998-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 98d0ef524ea77bdbc568d4adee12f8f8eac04ae55e27540be9af82ef59b485b0
                                                                                                                                                                                                                                                                                                      • Instruction ID: ac338a6416b02b2061ae1a4d5e2fcc722a597a7754cf0c593398067da48b3547
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98d0ef524ea77bdbc568d4adee12f8f8eac04ae55e27540be9af82ef59b485b0
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C416071610204AFEB14CF29D851BA6B7A8EF45738F248259FC289B2D5DB74DA01CBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • GetACP.KERNEL32(?,?,?,?,?,?,00D464B7,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00D53F78
                                                                                                                                                                                                                                                                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00D464B7,?,?,?,00000055,?,-00000050,?,?), ref: 00D53FAF
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00D54112
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                                                                                                                                                      • API String ID: 607553120-905460609
                                                                                                                                                                                                                                                                                                      • Opcode ID: 5ecac057412392da94388bc57d88863188325a293d10cf8f57eb9d4438d57a55
                                                                                                                                                                                                                                                                                                      • Instruction ID: fd29976e2a1a7c4e85e7155dae93821acb4a425b1d10bef4f82b142c7e39ec1c
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ecac057412392da94388bc57d88863188325a293d10cf8f57eb9d4438d57a55
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F271D771A04306AADF25AB75CC42BAA73A8EF14756F280429FE05D71C1EB74DA888771
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: 24fb6760fb3f0f8464c66ae1818814c421f1f911997820b82e0b8a1f3ab6c2ca
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1e74225f56d5124578a83a0b4429b747aa909c8fe706559cc0a1c91eaf888733
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 24fb6760fb3f0f8464c66ae1818814c421f1f911997820b82e0b8a1f3ab6c2ca
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3022D71E012199BDF14CFA9D8846AEFBF1FF48314F248269DA19E7341D771A941CBA0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00D2FC64
                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 00D2FD30
                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00D2FD50
                                                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 00D2FD5A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 254469556-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 33f8f35a8db4b34f9096d3af730b9f0136bf0be457c315056dee7081bd580414
                                                                                                                                                                                                                                                                                                      • Instruction ID: e5726a9a3985e79b99d3462eeca2219fbbacc7fe82e7a5fc7d919b6ac37fa4e6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33f8f35a8db4b34f9096d3af730b9f0136bf0be457c315056dee7081bd580414
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B313875D0131C9BDB21DFA0D989BCDBBB8EF18304F1044AAE409AB250EB709A848F64
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,?,00000002,?,?,?,00C480BF,?,?,?,?,?,?,00D6079D,000000FF), ref: 00D1CDBC
                                                                                                                                                                                                                                                                                                      • FormatMessageA.KERNEL32(00001300,00000000,?,?,00000000,00000000,00000000,?,?,?,00C480BF,?,?), ref: 00D1CDDE
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FormatInfoLocaleMessage
                                                                                                                                                                                                                                                                                                      • String ID: !x-sys-default-locale
                                                                                                                                                                                                                                                                                                      • API String ID: 4235545615-2729719199
                                                                                                                                                                                                                                                                                                      • Opcode ID: ebd262cdda71dd21384621e66d84269e7b1389208df2143865f3d1e54049cf30
                                                                                                                                                                                                                                                                                                      • Instruction ID: 57f90cd66e60314c333cf31797e89ff7732f19c0cf63f1c78b88b9acbfd506ce
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ebd262cdda71dd21384621e66d84269e7b1389208df2143865f3d1e54049cf30
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FE039B2261208BFEB049BA0DC0BDBF7A6DEB05751B104119F906D2190E6B1AE0096B0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D5432A
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D54374
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D5443A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 661929714-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: e3d84bad6860d47169313874939650e106b7289975f37f93a9601eb3698f547a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 45b146e82bd9888f396b219919d35e638bf0f77749025428c65575265b867c5c
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3d84bad6860d47169313874939650e106b7289975f37f93a9601eb3698f547a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE6190719402079BEF289F28CD82BBA77A8EF0430AF144179ED09C6585FB74D999CB71
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00D3413B
                                                                                                                                                                                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00D34145
                                                                                                                                                                                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00D34152
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetSystemTimePreciseAsFileTime.KERNEL32(?,00D18EB7,00000000,?,?,?,00D18EE9,00000000,?,?,?,00D1C1F2,00D0E003,00000001,?), ref: 00D1D05F
                                                                                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,00D18EB7,00000000,?,?,?,00D18EE9,00000000,?,?,?,00D1C1F2,00D0E003,00000001), ref: 00D1D063
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Time$FileSystem$Precise
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 743729956-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00D4E701,00000000,00000000,00000000), ref: 00D4E5C0
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InformationTimeZone
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 565725191-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00D2F92B
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2325560087-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00D5457D
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00D542D6,00000001,00000000,?,-00000050,?,00D5490A,00000000,?,?,?,00000055,?), ref: 00D54222
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00D544F2,00000000,00000000,?), ref: 00D54784
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3736152602-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00D54529,00000001,?,?,-00000050,?,00D548D2,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 00D54295
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f9c2e013dc2131eb8dac99ec6d8bad8cb3ab737ea07a96c40b65ea24b9b044bb
                                                                                                                                                                                                                                                                                                      • Instruction ID: 8d72b6ff5083570418bc9bd1458edf2f0d31128b12a3702d843ce5350a95c90a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9c2e013dc2131eb8dac99ec6d8bad8cb3ab737ea07a96c40b65ea24b9b044bb
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42F0C2362043046FDF145F75A885A7A7B95FF8036DF09442DFD058B680D6B19C868674
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D42114: EnterCriticalSection.KERNEL32(?,?,00D47A8D,?,00D999E0,00000008,00D47C51,?,?,?), ref: 00D42123
                                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00D4901A,00000001,00D99AA0,0000000C,00D4948F,00000000), ref: 00D4905F
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1272433827-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 97b4ddafbc12a0f533a2b520b02139549214ca1ad773a88e004a417d683c91db
                                                                                                                                                                                                                                                                                                      • Instruction ID: 028f0f8f076c4772af8063e8315f78aba8c3ac0c3305eed4a5341386606f0902
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97b4ddafbc12a0f533a2b520b02139549214ca1ad773a88e004a417d683c91db
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10F03772A003049FDB10DFA9E842BA9BBB0EB09724F10812AF504DB3A1C6769944CF70
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,00D2C6CD,00000000,000000FF,00000004,00D2B573,000000FF,00000004,00D2B986,00000000,00000000), ref: 00D2E6D1
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f04e5c5a40573ceff6c982dddba444d8b667cb7655afa6b65a0d79e7ae24d37e
                                                                                                                                                                                                                                                                                                      • Instruction ID: e7035ac18665fd0432deaaeea1703d9df7defbb1ad82ebd147ac547b65e18a08
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f04e5c5a40573ceff6c982dddba444d8b667cb7655afa6b65a0d79e7ae24d37e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBE092322A0220A6D7058BBCA91FF6AB7A8D72170FF144941F103D51C1CAE0CA009271
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: GetLastError.KERNEL32(?,?,00D3CA53,00D99760,0000000C), ref: 00D47DB9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D47DB5: SetLastError.KERNEL32(00000000), ref: 00D47E5B
                                                                                                                                                                                                                                                                                                      • EnumSystemLocalesW.KERNEL32(00D540BE,00000001,?,?,?,00D5492C,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00D5419C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2417226690-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: cfad566afa4e1cc2a0cbadc1db3a121802208c8b6a26b7d1ca3ececa04504889
                                                                                                                                                                                                                                                                                                      • Instruction ID: bebb9eca511436118506baf14e26991a840bb57804b999402d726e78639b8c3c
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cfad566afa4e1cc2a0cbadc1db3a121802208c8b6a26b7d1ca3ececa04504889
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63F0E53630030567CF149F39D845A6A7FA4EFD2729B0A4059EE058B291CB75D9C6C7B1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00D4702D,?,20001004,00000000,00000002,?,?,00D4661F), ref: 00D4961E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InfoLocale
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2299586839-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 97c4093491f53dd81f0a8131f5b2e16704d1a00044818e5bbf626f084d8eefe4
                                                                                                                                                                                                                                                                                                      • Instruction ID: 952628649a71dedcfea3d9afb60e0e18a96ebd3a095b2fb6d1f7c3c200580ed6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97c4093491f53dd81f0a8131f5b2e16704d1a00044818e5bbf626f084d8eefe4
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CAE04F31500318BBCF122F62EC19E9FBE66EF44750F054010FD05A5262CB72C921ABF4
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GdipGetImageWidth.GDIPLUS(?,?,?,00000000), ref: 00C4B888
                                                                                                                                                                                                                                                                                                      • GdipGetImageHeight.GDIPLUS(?,00000000), ref: 00C4B8A3
                                                                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(00000000,00000000,00000002), ref: 00C4B8CF
                                                                                                                                                                                                                                                                                                      • GetDpiForMonitor.API-MS-WIN-SHCORE-SCALING-L1-1-1(00000000,00000000,?,?), ref: 00C4B8E0
                                                                                                                                                                                                                                                                                                      • FindWindowW.USER32(00000000), ref: 00C4B95B
                                                                                                                                                                                                                                                                                                      • FindWindowExW.USER32(00000000,00000000,00000000,00000000), ref: 00C4B9B1
                                                                                                                                                                                                                                                                                                      • FindWindowExW.USER32(00000000,00000000,00000000), ref: 00C4B9FD
                                                                                                                                                                                                                                                                                                      • GetPixel.GDI32(00000000,00000000,00000000), ref: 00C4BA1F
                                                                                                                                                                                                                                                                                                      • GdipCreateSolidFill.GDIPLUS(000000FF,?,?,00000000), ref: 00C4BA41
                                                                                                                                                                                                                                                                                                      • GdipCreateSolidFill.GDIPLUS(FF000000,?,?,00000000), ref: 00C4BA6D
                                                                                                                                                                                                                                                                                                      • GdipCreateSolidFill.GDIPLUS(FFF6010B,?,?,00000000), ref: 00C4BA92
                                                                                                                                                                                                                                                                                                      • GdipCreateSolidFill.GDIPLUS(00000000,?,?,00000000), ref: 00C4BAD4
                                                                                                                                                                                                                                                                                                      • GdipCreateFontFamilyFromName.GDIPLUS(Arial,00000000,?,?,00000000), ref: 00C4BAF1
                                                                                                                                                                                                                                                                                                      • GdipCreateFont.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BB23
                                                                                                                                                                                                                                                                                                      • GdipCreateFromHDC.GDIPLUS(00000000,?,?,00000001,00000002,00000000,?,00000000), ref: 00C4BBA5
                                                                                                                                                                                                                                                                                                      • GdipFillRectangleI.GDIPLUS(00000000,00000000,00000000,00000000,?,?,?,00000001,00000002,00000000,?,00000000), ref: 00C4BBC5
                                                                                                                                                                                                                                                                                                      • GdipDrawImageRectI.GDIPLUS(00000000,?,00000000,?,?,?,?,00000001,00000002,00000000,?,00000000), ref: 00C4BBE2
                                                                                                                                                                                                                                                                                                      • GdipDrawString.GDIPLUS(00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BC51
                                                                                                                                                                                                                                                                                                      • GdipDrawString.GDIPLUS(00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BCAA
                                                                                                                                                                                                                                                                                                      • GdipDrawString.GDIPLUS(00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BCFD
                                                                                                                                                                                                                                                                                                      • GdipDrawString.GDIPLUS(00000000,00D7EB4C,000000FF,00000000,?,00000000,00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD58
                                                                                                                                                                                                                                                                                                      • GdipDeleteGraphics.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD5F
                                                                                                                                                                                                                                                                                                      • GdipDeleteFont.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD66
                                                                                                                                                                                                                                                                                                      • GdipDeleteFontFamily.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD6F
                                                                                                                                                                                                                                                                                                      • GdipDeleteBrush.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD7E
                                                                                                                                                                                                                                                                                                      • GdipDeleteBrush.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD83
                                                                                                                                                                                                                                                                                                      • GdipDeleteBrush.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD88
                                                                                                                                                                                                                                                                                                      • GdipDeleteBrush.GDIPLUS(00000000,?,00000001,00000002,00000000,?,00000000), ref: 00C4BD8D
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Gdip$CreateDelete$DrawFill$BrushFontSolidString$FindFromImageWindow$FamilyMonitor$GraphicsHeightNamePixelPointRectRectangleWidth
                                                                                                                                                                                                                                                                                                      • String ID: Arial
                                                                                                                                                                                                                                                                                                      • API String ID: 1300299889-493054409
Uniqueness

Uniqueness Score: -1.00%

APIs
• GdipCreateFromHDC.GDIPLUS(?,00000000,?,00000000), ref: 00D0D460
• GdipSetSmoothingMode.GDIPLUS(00000000,00000004), ref: 00D0D478
• GdipTranslateWorldTransform.GDIPLUS(00000000), ref: 00D0D4F9
• GdipScaleWorldTransform.GDIPLUS(00000000), ref: 00D0D51D
• GdipDrawImageI.GDIPLUS(00000000,00000000,00000000,00000000), ref: 00D0D53F
• GdipCreateMatrix.GDIPLUS(00000000), ref: 00D0D567
• GdipSetWorldTransform.GDIPLUS(00000000,00000000), ref: 00D0D578
• GdipCreateSolidFill.GDIPLUS(FFFF2929,00000000), ref: 00D0D59D
• GdipFillEllipse.GDIPLUS(00000000,00000000), ref: 00D0D661
• GdipCreateSolidFill.GDIPLUS(000000FF,00000000), ref: 00D0D686
• GdipCreateStringFormat.GDIPLUS(00000000,00000000,?), ref: 00D0D6A4
• GdipCreateFontFamilyFromName.GDIPLUS(Arial,00000000,?), ref: 00D0D6BF
• GdipCreateFont.GDIPLUS(00000000,?,00000001,00000002,00000000), ref: 00D0D6F4
• GdipSetStringFormatAlign.GDIPLUS(00000000,00000001,?,00000001,00000002,00000000), ref: 00D0D70C
• GdipDrawString.GDIPLUS(00000000,?,00000000,00000000,?,00000000,00000000,00D73050,00000001,?,00000001,00000002,00000000), ref: 00D0D768
• GdipDeleteFont.GDIPLUS(00000000,?,00000001,00000002,00000000), ref: 00D0D7C1
• GdipDeleteFontFamily.GDIPLUS(00000000,?,00000001,00000002,00000000), ref: 00D0D7CA
• GdipDeleteStringFormat.GDIPLUS(00000000,?,00000001,00000002,00000000), ref: 00D0D7D3
• GdipDeleteBrush.GDIPLUS(00000000,?,00000001,00000002,00000000), ref: 00D0D7E0
• GdipDeleteBrush.GDIPLUS(00000000,?,00000001,00000002,00000000), ref: 00D0D7E5
• GdipDeleteMatrix.GDIPLUS(00000000,?,00000001,00000002,00000000), ref: 00D0D7EA
• GdipFlush.GDIPLUS(00000000,00000000), ref: 00D0D7F3
• GdipDeleteGraphics.GDIPLUS(00000000), ref: 00D0D7FA
Strings
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: Gdip$CreateDelete$FontString$FillFormatTransformWorld$BrushDrawFamilyFromMatrixSolid$AlignEllipseFlushGraphicsImageModeNameScaleSmoothingTranslate
• String ID: Arial
• API String ID: 4042512338-493054409
Uniqueness

Uniqueness Score: -1.00%

APIs
• CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 00D0E15C
• HeapCreate.KERNEL32(00000000,00000400,00000000), ref: 00D0E16E
• HeapAlloc.KERNEL32(00000000,00000000,00000400), ref: 00D0E183
Strings
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: CreateHeap$AllocEvent
• String ID: missing_null_char
• API String ID: 2366826351-3768348038
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryW.KERNEL32(combase.dll,RoGetActivationFactory,?,?,?,?,?,?,?,?,?,?,?,00D5BA10,000000FF), ref: 00C3F098
• GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00C3F09E
• LoadLibraryW.KERNEL32(combase.dll,CoIncrementMTAUsage,?,?,?,?,?,?,?,?,?,?,?,00D5BA10,000000FF), ref: 00C3F0D1
• GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00C3F0D7
Strings
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                                                                                                      • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 2574300362-2454113998
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00D0CCD5
                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00D0CCDD
                                                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00D0CD06
                                                                                                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00D0CD18
                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00D0CD28
                                                                                                                                                                                                                                                                                                      • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,40CC0020), ref: 00D0CD4B
                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00D0CD53
                                                                                                                                                                                                                                                                                                      • DeleteDC.GDI32(00000000), ref: 00D0CD5A
                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00D0CD69
                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00D0CD7A
                                                                                                                                                                                                                                                                                                      • GdipAlloc.GDIPLUS(00000010), ref: 00D0CDE9
                                                                                                                                                                                                                                                                                                      • GdipCreateBitmapFromHBITMAP.GDIPLUS(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C0371F), ref: 00D0CE0E
                                                                                                                                                                                                                                                                                                      • GetDC.USER32(00000000), ref: 00D0CE28
                                                                                                                                                                                                                                                                                                      • CreateCompatibleDC.GDI32(00000000), ref: 00D0CE31
                                                                                                                                                                                                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000), ref: 00D0CE47
                                                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00D0CE54
                                                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 00D0CE5E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Create$CompatibleObject$BitmapReleaseSelect$DeleteGdip$AllocFrom
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2431202797-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ClearVariant$AllocString
                                                                                                                                                                                                                                                                                                      • String ID: Start$StartButton$ToggleButton
                                                                                                                                                                                                                                                                                                      • API String ID: 2502263055-171516405
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C2DE92
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C2DEDE
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C2DFB3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C2E04A
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00C2E06D
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00C2E072
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00C2E077
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C2E0A3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C2E0C6
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C2E0E6
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C2E173
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Concurrency::cancel_current_taskLockit::_Lockit::~_$Locinfo::_$Locinfo_ctorLocinfo_dtor
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name$false$true
                                                                                                                                                                                                                                                                                                      • API String ID: 3080755909-1062449267
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID: %.16g$%02d$%03d$%04d$%06.3f$%lld$W
                                                                                                                                                                                                                                                                                                      • API String ID: 0-1989508764
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00C53F85
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00C53F93
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00C53F9A
                                                                                                                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00C53FDF
                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00D668B0,00000000,00000001,00D668A0,00000000), ref: 00C53FF7
                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00C54004
                                                                                                                                                                                                                                                                                                      • EnumChildWindows.USER32(00000000), ref: 00C5400B
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: System$Metrics$ChildCreateDesktopEnumInfoInitializeInstanceParametersWindowWindows
                                                                                                                                                                                                                                                                                                      • String ID: SearchApp.exe$SearchHost.exe$SearchUI.exe$ShellExperienceHost.exe$StartMenuExperienceHost.exe$explorer.exe
                                                                                                                                                                                                                                                                                                      • API String ID: 2424925383-3335880049
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0CE70: CoCreateInstance.OLE32(00D668B0,00000000,00000017,00D7BC44,00000000), ref: 00D0CEAF
                                                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00D0CAEA
                                                                                                                                                                                                                                                                                                      • RegisterClassW.USER32(00000000), ref: 00D0CB38
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ClassCreateCursorInstanceLoadRegister
                                                                                                                                                                                                                                                                                                      • String ID: StartReplace
                                                                                                                                                                                                                                                                                                      • API String ID: 46519805-3907892786
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • EqualRect.USER32(00000008,00000003), ref: 00D0D1B5
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00D0D1CB
                                                                                                                                                                                                                                                                                                      • __Xtime_get_ticks.LIBCPMT ref: 00D0D1D8
                                                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EC), ref: 00D0D20A
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 00D0D222
                                                                                                                                                                                                                                                                                                      • GetWindow.USER32(?,00000003), ref: 00D0D23A
                                                                                                                                                                                                                                                                                                      • GetWindow.USER32(?,00000003), ref: 00D0D24D
                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,000000FF,?,?,?,?,00000000), ref: 00D0D26B
                                                                                                                                                                                                                                                                                                      • __Xtime_get_ticks.LIBCPMT ref: 00D0D299
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D0D2B3
                                                                                                                                                                                                                                                                                                      • EqualRect.USER32(00000008,?), ref: 00D0D303
                                                                                                                                                                                                                                                                                                      • SetWindowPos.USER32(?,000000FF,?,?,?,?,00000000), ref: 00D0D35E
                                                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005,?,?,?,?,00000000), ref: 00D0D369
                                                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(00000000,00000000,00000000), ref: 00D0D3D2
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Window$RectShow$EqualXtime_get_ticks$InvalidateLongUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2538369676-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D559F0: CreateFileW.KERNEL32(?,00000000,?,00D55DE0,?,?,00000000,?,00D55DE0,?,0000000C), ref: 00D55A0D
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00D55E4B
                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00D55E52
                                                                                                                                                                                                                                                                                                      • GetFileType.KERNEL32(00000000), ref: 00D55E5E
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00D55E68
                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00D55E71
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00D55E91
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00D48B4C), ref: 00D55FDE
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00D56010
                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00D56017
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                                                                                      • API String ID: 4237864984-2852464175
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C1318F
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C131E4
                                                                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 00C131FD
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C13247
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C132E5
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C13333
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C13356
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C13376
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C13403
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$GetctypeLocinfo_ctorLocinfo_dtor
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                                                      • API String ID: 810752134-1405518554
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C149A3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C149C5
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C149E5
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C14A0F
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C14A7D
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C14AC9
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C14AE3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C14B78
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00C14B85
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                                                      • API String ID: 3375549084-1405518554
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C2D9E3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C2DA05
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C2DA25
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C2DA4F
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C2DABD
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C2DB09
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C2DB23
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C2DBB8
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00C2DBC5
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                                                      • API String ID: 3375549084-1405518554
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C0F323
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C0F345
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C0F365
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C0F38F
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C0F3FD
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C0F449
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C0F463
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C0F4F8
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00C0F505
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                                                      • API String ID: 3375549084-1405518554
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,00000000,00000000), ref: 00C550CD
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 00C550DB
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00C550E1
                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?), ref: 00C5511D
                                                                                                                                                                                                                                                                                                      • GetCursorPos.USER32(00000000), ref: 00C55190
                                                                                                                                                                                                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 00C551A0
                                                                                                                                                                                                                                                                                                      • GetMonitorInfoA.USER32(00000000,?), ref: 00C551B8
                                                                                                                                                                                                                                                                                                      • SetRect.USER32(?,?,?,?,?), ref: 00C551D7
                                                                                                                                                                                                                                                                                                      • WindowFromPoint.USER32(?,?), ref: 00C551EB
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: System$FromInfoMetricsMonitorPointRectWindow$CursorParameters
                                                                                                                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                                                                                                                      • API String ID: 2315603790-3887548279
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32 ref: 00C488E7
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(00000005,?), ref: 00C48939
                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00C4894A
                                                                                                                                                                                                                                                                                                      • MonitorFromRect.USER32(?,00000002), ref: 00C48957
                                                                                                                                                                                                                                                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 00C4896B
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(0000000C,?), ref: 00C4898A
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Message$MonitorRect$FromInfoWindow
                                                                                                                                                                                                                                                                                                      • String ID: $$$$$$(
                                                                                                                                                                                                                                                                                                      • API String ID: 3203973389-3668677404
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2fa04eeea50c04965596e483238c5abf620ac3a6b0ded271adf7a843ef57d682
                                                                                                                                                                                                                                                                                                      • Instruction ID: d9f139006605552b7c4a34b2be309a7a66202660b35d5a7bb4497702b40ea002
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fa04eeea50c04965596e483238c5abf620ac3a6b0ded271adf7a843ef57d682
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B213E718087849FE320DF65C945B5BF7E8FFD9304F105A1EF68492250EBB595888F92
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C2C24E
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                                                                      • String ID: ange$array$binary$boolean$discarded$null$object$string
                                                                                                                                                                                                                                                                                                      • API String ID: 2659868963-3125482393
                                                                                                                                                                                                                                                                                                      • Opcode ID: e2de005bd0979a93d48fa44ff1b85d8f40b718f9c9a2c2723137c0365ef8ecb9
                                                                                                                                                                                                                                                                                                      • Instruction ID: c2369f4f5b19e29bf512d3e86956f6ef8088ab99dcc886685f6243f78ce724d3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2de005bd0979a93d48fa44ff1b85d8f40b718f9c9a2c2723137c0365ef8ecb9
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5051C271D103488BDB08CFA8DC8579DBBB1EF55310F24871DE455AB792EBB4A9848BA0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                      • String ID: :$f$f$f$p$p$p
                                                                                                                                                                                                                                                                                                      • API String ID: 3732870572-1434680307
                                                                                                                                                                                                                                                                                                      • Opcode ID: 9ad4ec83c8f6ca8d0071c76a8e38cd8ea941eb953a7edbac650703af7e689117
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1f1d228eeebfae9e29c2af38641e7415ff921d88a008f20da12557561b3bd7c9
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ad4ec83c8f6ca8d0071c76a8e38cd8ea941eb953a7edbac650703af7e689117
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86028D79A00A49DADF20CF69E4847EDF7B6FB40B18FA88119D4157B288D7708E84CB74
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 00C014C2
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D16C00: WlanOpenHandle.WLANAPI(00000002,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00D62EDD), ref: 00D16C3C
                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,02932E00,?,?,?,?), ref: 00C01791
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: HandleObjectOpenSingleSleepWaitWlan
                                                                                                                                                                                                                                                                                                      • String ID: gmac$nfamily$pcdetails$spots$subs$wlanspots
                                                                                                                                                                                                                                                                                                      • API String ID: 1117259776-3765797918
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • type_info::operator==.LIBVCRUNTIME ref: 00D32F52
                                                                                                                                                                                                                                                                                                      • ___TypeMatch.LIBVCRUNTIME ref: 00D33060
                                                                                                                                                                                                                                                                                                      • CatchIt.LIBVCRUNTIME ref: 00D330B1
                                                                                                                                                                                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 00D331B2
                                                                                                                                                                                                                                                                                                      • CallUnexpected.LIBVCRUNTIME ref: 00D331CD
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                                                                      • String ID: csm$csm$csm
                                                                                                                                                                                                                                                                                                      • API String ID: 4119006552-393685449
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: SystemParametersInfoW.USER32(00000030,00000000,00000000,00000000), ref: 00C550CD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetSystemMetrics.USER32(00000000), ref: 00C550DB
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetSystemMetrics.USER32(00000001), ref: 00C550E1
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetWindowRect.USER32(?), ref: 00C5511D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetCursorPos.USER32(00000000), ref: 00C55190
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: MonitorFromPoint.USER32(?,?,00000002), ref: 00C551A0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: GetMonitorInfoA.USER32(00000000,?), ref: 00C551B8
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: SetRect.USER32(?,?,?,?,?), ref: 00C551D7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C550B0: WindowFromPoint.USER32(?,?), ref: 00C551EB
                                                                                                                                                                                                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 00C54A3B
                                                                                                                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 00C54B5B
                                                                                                                                                                                                                                                                                                      • GetWindowThreadProcessId.USER32(00000000,?), ref: 00C54B69
                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 00C54B85
                                                                                                                                                                                                                                                                                                      • GetDesktopWindow.USER32 ref: 00C54B8B
                                                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(00000000), ref: 00C54B92
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Window$Rect$System$FromInfoMetricsMonitorPoint$ClassCursorDesktopNameParametersProcessTextThread
                                                                                                                                                                                                                                                                                                      • String ID: ($Windows.UI.Core.CoreWindow
                                                                                                                                                                                                                                                                                                      • API String ID: 3729781888-3665382032
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 00D24A84
                                                                                                                                                                                                                                                                                                      • _Maklocstr.LIBCPMT ref: 00D24AED
                                                                                                                                                                                                                                                                                                      • _Maklocstr.LIBCPMT ref: 00D24AFF
                                                                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 00D24B17
                                                                                                                                                                                                                                                                                                      • _Maklocchr.LIBCPMT ref: 00D24B27
                                                                                                                                                                                                                                                                                                      • _Getvals.LIBCPMT ref: 00D24B49
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E3C1: _Maklocchr.LIBCPMT ref: 00D1E3F0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E3C1: _Maklocchr.LIBCPMT ref: 00D1E406
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                                                                      • API String ID: 3549167292-2658103896
                                                                                                                                                                                                                                                                                                      • Opcode ID: ec2d6ef14342868a5141ed5a77272d4511f28662cca225cf4ccb586266281bd1
                                                                                                                                                                                                                                                                                                      • Instruction ID: e48cd9ef5cf200035f68b0e464f0ad5b3607f8f93316d6c29bd2f58f0085521d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ec2d6ef14342868a5141ed5a77272d4511f28662cca225cf4ccb586266281bd1
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA213071D00318AADB14EFA4E885ADE7BB8EF05714F048456B915AF242EB70D544CBB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00C4340D,00C4340F,00000000,00000000,5156ADB2,?,00000000,?,Function_00140550,00D99298,000000FE,?,00C4340D), ref: 00D2ECA9
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00C4340D,?,00000000,00000000,?,Function_00140550,00D99298,000000FE,?,00C4340D), ref: 00D2ED24
                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 00D2ED2F
                                                                                                                                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 00D2ED58
                                                                                                                                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 00D2ED62
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(80070057,5156ADB2,?,00000000,?,Function_00140550,00D99298,000000FE,?,00C4340D), ref: 00D2ED67
                                                                                                                                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 00D2ED7A
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,?,Function_00140550,00D99298,000000FE,?,00C4340D), ref: 00D2ED90
                                                                                                                                                                                                                                                                                                      • _com_issue_error.COMSUPP ref: 00D2EDA3
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1353541977-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: cd21b3f4ab3d29542db2198b20095523c1599d440b4dec510e7fe849432b829f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 740bbf3db059a0e5ba0dc2fc5ca3099d053d68c00d6bf679052962d65def94ab
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cd21b3f4ab3d29542db2198b20095523c1599d440b4dec510e7fe849432b829f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8341F771A00325ABDB10DFA9EC45BAEBBB8EB58724F14422AF519E7340D775D8008BB4
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C2B8E5
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C2B95E
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C2B96D
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ___std_exception_destroy$___std_exception_copy
                                                                                                                                                                                                                                                                                                      • String ID: at line $, column $parse error$ror
                                                                                                                                                                                                                                                                                                      • API String ID: 1206660477-697689061
                                                                                                                                                                                                                                                                                                      • Opcode ID: 474039825fd707736742c5e6fbdab0fceedfd35d1357585a994e0922d9081cf5
                                                                                                                                                                                                                                                                                                      • Instruction ID: 76e2319778b809eba9fab0df6a86fb0d89467d5926352068e145e93ce18921ad
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 474039825fd707736742c5e6fbdab0fceedfd35d1357585a994e0922d9081cf5
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8F12371D002588FDB08DF68DC85BADFB71EF55310F148358E418ABB92E774AAC58BA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(00D7D3E8,00000000,00000017,00D7BC44,00000000,?,?,?,?,?,?,?,?,?,00000000,00D5FC85), ref: 00C3A13D
                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00C3A1D6
                                                                                                                                                                                                                                                                                                      • SysAllocString.OLEAUT32 ref: 00C3A1EE
                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00C3A22A
                                                                                                                                                                                                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00C3A285
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ClearVariant$AllocCreateInstanceString
                                                                                                                                                                                                                                                                                                      • String ID: "$Shell_TrayWnd
                                                                                                                                                                                                                                                                                                      • API String ID: 1073678302-2651356388
                                                                                                                                                                                                                                                                                                      • Opcode ID: a3fe153d5a8a068233d49bcc09340d63c1644531588645e017de3685c1571d53
                                                                                                                                                                                                                                                                                                      • Instruction ID: 5fdfa1a85e13aa664f389a4b8664d7d4edaa94dfd0cece00b3afee030c11a6aa
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3fe153d5a8a068233d49bcc09340d63c1644531588645e017de3685c1571d53
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CD19F70D00209DFDB00CFA9C948BAEBBB8FF49314F148199E855AB391D775EA45CBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 0-3907804496
                                                                                                                                                                                                                                                                                                      • Opcode ID: b6bc14a8a2bfa51a4b185f0a43a2aa29571f823a8efb1eafde46533335edd6bd
                                                                                                                                                                                                                                                                                                      • Instruction ID: bbf82e2fc4f7445540f9feca2e7f4bb18c5c6571cceb0056b11fac27d2a58f98
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6bc14a8a2bfa51a4b185f0a43a2aa29571f823a8efb1eafde46533335edd6bd
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5B1DE70A15205AFDB11DFA8C890BBE7BB4EF49354F189158E441AB3A2CB74E942CF70
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00BFC515
                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,00000000), ref: 00BFC546
                                                                                                                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(?,status,00000000,00000004,?,00000004), ref: 00BFC581
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00BFC593
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseFileModuleNameOpenValue
                                                                                                                                                                                                                                                                                                      • String ID: PCAppStore$Software\PCAppStore$status
                                                                                                                                                                                                                                                                                                      • API String ID: 1392962279-3586994989
                                                                                                                                                                                                                                                                                                      • Opcode ID: 5581b75306e60e2fd9f79867505833676da2a40b021dd9bd0e8879dc40385815
                                                                                                                                                                                                                                                                                                      • Instruction ID: 27ea49df50d7e0568bf374ac58450f7e2c30b9c8ce53ec2ee3236a9bdcf37002
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5581b75306e60e2fd9f79867505833676da2a40b021dd9bd0e8879dc40385815
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A713970D002099BDB04DF68CD5ABAEBB74EF55314F14839CF9016B392EB709985CBA0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00D0D00E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0D3F0: GdipCreateFromHDC.GDIPLUS(?,00000000,?,00000000), ref: 00D0D460
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0D3F0: GdipSetSmoothingMode.GDIPLUS(00000000,00000004), ref: 00D0D478
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0D3F0: GdipTranslateWorldTransform.GDIPLUS(00000000), ref: 00D0D4F9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0D3F0: GdipScaleWorldTransform.GDIPLUS(00000000), ref: 00D0D51D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0D3F0: GdipDrawImageI.GDIPLUS(00000000,00000000,00000000,00000000), ref: 00D0D53F
                                                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,00000000,00000000), ref: 00D0D025
                                                                                                                                                                                                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 00D0D03B
                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,?), ref: 00D0D07B
                                                                                                                                                                                                                                                                                                      • KillTimer.USER32(?,?), ref: 00D0D084
                                                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(?), ref: 00D0D087
                                                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00D0D0BE
                                                                                                                                                                                                                                                                                                      • SendInput.USER32(?,?,00000002,00000001,0000001C), ref: 00D0D10E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Gdip$KillPaintTimerTransformWindowWorld$BeginCreateDestroyDrawFromImageInputMessageModePostProcQuitScaleSendSmoothingTranslate
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1723293199-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 3a9d2b0990b007f692e2fa2973a0efc62b1b1103c032b86bb78d398437629e6a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 8d902c59334589d2d5d88eae0d9c8fc674013685bb59b972056911084933f317
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3a9d2b0990b007f692e2fa2973a0efc62b1b1103c032b86bb78d398437629e6a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7141C3332002089BD714DFA8EC49BAAB7A8FB88321F04052BF90CC7391D772D92597B1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000001,?), ref: 00BF8BBF
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00BF8BD0
                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,?,00000000,00000010,?), ref: 00BF8BF4
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32 ref: 00BF8C01
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00BF8C0A
                                                                                                                                                                                                                                                                                                      • RegNotifyChangeKeyValue.ADVAPI32(?,00000001,00000007,?,00000001), ref: 00BF8C1C
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000001), ref: 00BF8C2D
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000001), ref: 00BF8C36
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Close$Handle$ChangeCreateEventNotifyOpenValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 762518182-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 210466b34968b56b1eedbc77528e02ba7c08b5cf34e1ca0fbc807a000f677cc0
                                                                                                                                                                                                                                                                                                      • Instruction ID: 02729b3daa157736022f22b49766ee7e428eff041c4302569ed0316835800b56
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 210466b34968b56b1eedbc77528e02ba7c08b5cf34e1ca0fbc807a000f677cc0
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 11312C71604309EFDB209F68DD49FAA7BB4FB05721F100669FA21972E0CBB69814DB74
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C6D143
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • %s at line %d of [%.10s], xrefs: 00C6D0CC
                                                                                                                                                                                                                                                                                                      • cannot open file, xrefs: 00C6D0C7
                                                                                                                                                                                                                                                                                                      • d33c709cc0af66bc5b6dc6216eba9f1f0b40960b9ae83694c986fbf4c1d6f08f, xrefs: 00C6D0BD
                                                                                                                                                                                                                                                                                                      • , xrefs: 00C6CFE2
                                                                                                                                                                                                                                                                                                      • recovered %d frames from WAL file %s, xrefs: 00C6D445
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                      • String ID: $%s at line %d of [%.10s]$cannot open file$d33c709cc0af66bc5b6dc6216eba9f1f0b40960b9ae83694c986fbf4c1d6f08f$recovered %d frames from WAL file %s
                                                                                                                                                                                                                                                                                                      • API String ID: 885266447-2679698248
                                                                                                                                                                                                                                                                                                      • Opcode ID: b5e571bd03e098be04f57f45921caadefe120d55a212833b26e985be13122a07
                                                                                                                                                                                                                                                                                                      • Instruction ID: b99788e939fba9cd07c7e00c8507bcf7dfa18f23ed8c796596ba7e2a84426737
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5e571bd03e098be04f57f45921caadefe120d55a212833b26e985be13122a07
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0AF16971A043019FD720DF69C8C1B2AB7E5AB88304F14492DF5AAC7361EB75EE45CB52
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: _strrchr
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3213747228-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • WlanOpenHandle.WLANAPI(00000002,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00D62EDD), ref: 00D16C3C
                                                                                                                                                                                                                                                                                                      • WlanEnumInterfaces.WLANAPI(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00D62EDD,000000FF), ref: 00D16C6E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Wlan$EnumHandleInterfacesOpen
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2895387714-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C1EFB0: std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00C1F078
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C1EFB0: std::_Lockit::_Lockit.LIBCPMT ref: 00C1F090
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C1EFB0: std::_Lockit::~_Lockit.LIBCPMT ref: 00C1F0B1
                                                                                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00C1B03B
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Ios_base_dtorLocimpLocimp::_Lockit::_Lockit::~_New_std::ios_base::_std::locale::_
                                                                                                                                                                                                                                                                                                      • String ID: -$.$\$_$~
                                                                                                                                                                                                                                                                                                      • API String ID: 1455602924-405984932
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: GetProcessHeap.KERNEL32 ref: 00C1997C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C199A7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C19A25
                                                                                                                                                                                                                                                                                                      • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000005), ref: 00C4CE8F
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000000,00000000,00000005,?,00000002), ref: 00C4CE9E
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer$ErrorExecuteHeapLastProcessShell
                                                                                                                                                                                                                                                                                                      • String ID: &eCode=%lu&br=default$open$product$showInCurrentBrowser_error
                                                                                                                                                                                                                                                                                                      • API String ID: 4239134190-3397519609
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00D1C162
                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00D1C17F
                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00D1C1A0
                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00D1C223
                                                                                                                                                                                                                                                                                                      • __Xtime_diff_to_millis2.LIBCPMT ref: 00D1C23B
                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00D1C267
                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00D1C2AD
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CurrentThread$Xtime_diff_to_millis2
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1280559528-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C16079
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C160C5
                                                                                                                                                                                                                                                                                                      • __Getctype.LIBCPMT ref: 00C160DE
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C160FA
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C1618F
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                                                      • API String ID: 1840309910-1405518554
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00D30587
                                                                                                                                                                                                                                                                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 00D3058F
                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00D30618
                                                                                                                                                                                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00D30643
                                                                                                                                                                                                                                                                                                      • _ValidateLocalCookies.LIBCMT ref: 00D30698
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                                                      • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,5156ADB2,?,00D49303,?,?,00000000), ref: 00D492B5
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                      • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                                      • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2ab5e3625681b34dfcb0a2801ec97bdb0ff5be69699c007e4c65f87cc0b7f359
                                                                                                                                                                                                                                                                                                      • Instruction ID: c5a4c588f444a05c170aabc975283805b218a8ffe6faa71c8cc8fe2b38a0ac14
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ab5e3625681b34dfcb0a2801ec97bdb0ff5be69699c007e4c65f87cc0b7f359
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA21E772A01211BBC7219B66DCE5B5BB798EB41760B690210F955E7390D7B0ED01CAF8
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(00000000,?), ref: 00BF649E
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00BF64B2
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00BF64C6
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(00000002,?), ref: 00BF64D7
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(00000003,?), ref: 00BF64E8
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Message$MetricsSystem
                                                                                                                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                                                                                                                      • API String ID: 2388057244-3993045852
                                                                                                                                                                                                                                                                                                      • Opcode ID: ac7c90658e8229581919e7078d267de2d46938c45155cd81d4d48d4283adb754
                                                                                                                                                                                                                                                                                                      • Instruction ID: 601b72ebafe7f545f1ddffcecf822d6a4e425010232511e8260d1d5b0346dcbe
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac7c90658e8229581919e7078d267de2d46938c45155cd81d4d48d4283adb754
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C70128B1408346ABE300DF50C94975BBBE8FFD8708F104A1DF58896280D7B4D6888FA3
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • _ValidateScopeTableHandlers.LIBCMT ref: 00D5A3A4
                                                                                                                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 00D5A3C1
                                                                                                                                                                                                                                                                                                      • VirtualQuery.KERNEL32(83000000,5156ADB2,0000001C,5156ADB2,?,?,?), ref: 00D5A4A6
                                                                                                                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 00D5A4E3
                                                                                                                                                                                                                                                                                                      • _ValidateScopeTableHandlers.LIBCMT ref: 00D5A503
                                                                                                                                                                                                                                                                                                      • __FindPESection.LIBCMT ref: 00D5A51D
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FindSection$HandlersScopeTableValidate$QueryVirtual
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2529200597-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: a44729effe91db1e003f5e25d76d9ad8836aa5cb28a4f5688d50c2faf5355c11
                                                                                                                                                                                                                                                                                                      • Instruction ID: 9a6ace0ddc44e38c7d6082608a43b22dad8841b67c769167d482fafcef4a9753
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a44729effe91db1e003f5e25d76d9ad8836aa5cb28a4f5688d50c2faf5355c11
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CFA19E71E002258FDF14CF9CD944AADB7A5EB45322F18422AED09D7352E731DD4A8BB2
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00D4063B
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D40657
                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00D4066E
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D4068C
                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00D406A3
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D406C1
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: b6916eca4b7c740c2435248bebdfe2f85a4867787ecbda8d60e6b37fc2bee76a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 2d36fd47876184ead4bf0520ed8d658206041130f146bc9d7b120f33f9004ead
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6916eca4b7c740c2435248bebdfe2f85a4867787ecbda8d60e6b37fc2bee76a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B081E571A007069BE720AF28CC81B6ABBE9EF54324F28452DF651DA681E774E905CF70
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,00D555B6,00000000,00000000,?,00000001,?,?,?,?,00000001,?), ref: 00D5538C
                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00D55521
                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00D55527
                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00D5555D
                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00D55563
                                                                                                                                                                                                                                                                                                      • __freea.LIBCMT ref: 00D55573
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: __freea$Info
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 541289543-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 4cb82b556dda7529654d27aabc6b615e489a75f56f7c8bb9dd5d6e071f1ce74b
                                                                                                                                                                                                                                                                                                      • Instruction ID: d7c8d65fbdb5007350dbf8ef3afc345d2a557425c21027c1df9ca27a4942be98
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4cb82b556dda7529654d27aabc6b615e489a75f56f7c8bb9dd5d6e071f1ce74b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA713872900A056BDF229F64AC62BAF77B6EF48352F2C0015EC49A7285EB70DC488770
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCPInfo.KERNEL32(?,?,?,?,?), ref: 00D2E9C0
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00D2EA4E
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D2EAC0
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00D2EADA
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00D2EB3D
                                                                                                                                                                                                                                                                                                      • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00D2EB5A
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2984826149-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 70be12e92df55afe522817c208efa782747e22ea5d6dd1113c93d3a2feb454ae
                                                                                                                                                                                                                                                                                                      • Instruction ID: 48cbfd134a621f191db8c35731ef115649f77fd1277c9f1be10d508baa03bbbb
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70be12e92df55afe522817c208efa782747e22ea5d6dd1113c93d3a2feb454ae
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1271A172900279ABDF218FA5EC45AEF7BB6EF69358F1C012AE845E6251D731C844CB70
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00C55324
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • \u%0.4x, xrefs: 00C5563F
                                                                                                                                                                                                                                                                                                      • {"app": {"search" : {"show_skeleton":true}}}, xrefs: 00C55291
                                                                                                                                                                                                                                                                                                      • {"app": {"search" : {"search_request":"%ws"}, "show_window": "search"}}, xrefs: 00C552BF
                                                                                                                                                                                                                                                                                                      • {"app": {"hide_window": "search"}}, xrefs: 00C55263
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FreeString
                                                                                                                                                                                                                                                                                                      • String ID: \u%0.4x${"app": {"hide_window": "search"}}${"app": {"search" : {"search_request":"%ws"}, "show_window": "search"}}${"app": {"search" : {"show_skeleton":true}}}
                                                                                                                                                                                                                                                                                                      • API String ID: 3341692771-1280923374
                                                                                                                                                                                                                                                                                                      • Opcode ID: d0ecb5a4c9efa33524be7117cfb42292a2cbadcc75a64557356eae8c352d9f9e
                                                                                                                                                                                                                                                                                                      • Instruction ID: 2f8b0b14d4ee28f74e6b23a932640d78c815427709471a9d9eb3ed305763395b
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d0ecb5a4c9efa33524be7117cfb42292a2cbadcc75a64557356eae8c352d9f9e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F020234D00609CFCB04DFA8C865ADDB7B1FF19315F644268E815AB292EB70AD85CF95
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C3AEB7
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C3AED0
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C3B129
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C3B142
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                                                                      • String ID: value
                                                                                                                                                                                                                                                                                                      • API String ID: 4194217158-494360628
                                                                                                                                                                                                                                                                                                      • Opcode ID: 962f61ec1fb6fd8b64d7a865726a4f1e7a9beadd98296e3910da1b3c1b827a50
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0f7569c5a413e599ab7bed10325faee9296f07de13fe7b74973f4a79a55faa54
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 962f61ec1fb6fd8b64d7a865726a4f1e7a9beadd98296e3910da1b3c1b827a50
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B002F370D002588FDB18DBA4CC957EEFBB5BF19300F248259E455A7782DB346E85CBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00D1D1A4
                                                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00D1D20F
                                                                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D1D22C
                                                                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00D1D26B
                                                                                                                                                                                                                                                                                                      • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00D1D2CA
                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00D1D2ED
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2829165498-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 3bdffba9c1e7c5d6f1226e9d05c72b572c851b022e9d5dddc51b1a0e0b3e3932
                                                                                                                                                                                                                                                                                                      • Instruction ID: 3bb52934f0acafa5e77c4b9e2c3f0d8ab4470cf8d5159262799de2cae4897bf3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bdffba9c1e7c5d6f1226e9d05c72b572c851b022e9d5dddc51b1a0e0b3e3932
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A851AD7250021ABFDF209FA4EC41FEB7BAAEB44740F294525F925E6190DB70DC908BB4
                                                                                                                                                                                                                                                                                                      Uniqueness

Uniqueness Score: -1.00%

APIs
• ___std_exception_destroy.LIBVCRUNTIME ref: 00C20261
• ___std_exception_destroy.LIBVCRUNTIME ref: 00C2027A
• ___std_exception_destroy.LIBVCRUNTIME ref: 00C204DD
• ___std_exception_destroy.LIBVCRUNTIME ref: 00C204F6
Strings
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: ___std_exception_destroy
• String ID: value
• API String ID: 4194217158-494360628
• Opcode ID: 22b109f150ee0f1eb832e842bb2221b968d83c6365b10e159a8f9b99a655cdb9
• Instruction ID: 0fe2247a1beab354bdbeac2f142e613f14fc27cdaddbd75dcc5509033cb58023
• Opcode Fuzzy Hash: 22b109f150ee0f1eb832e842bb2221b968d83c6365b10e159a8f9b99a655cdb9
• Instruction Fuzzy Hash: ED02F470C00258CFDF18DBA8D9847EDFBB1BF55300F24826AE455A7B82D7346A85CBA1
Uniqueness

Uniqueness Score: -1.00%

APIs
• FindWindowW.USER32(00000000), ref: 00C4AF28
• FindWindowExW.USER32(?,00000000,00000000,00000000), ref: 00C4AF80
• FindWindowExW.USER32(?,00000000,00000000), ref: 00C4AFD5
• GetWindowRect.USER32(00000000,?), ref: 00C4B00A
• CreateWindowExW.USER32(00000000,?,00D7BF90,C0000000,?,?,?,?,?,00000000), ref: 00C4B067
• SetWindowLongW.USER32(?,000000EB), ref: 00C4B09E
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: Window$Find$CreateLongRect
• String ID:
• API String ID: 3154434263-0
• Opcode ID: c4108c213eb8fa0433e9b17478cb2f310227cb0b9976f3094bf7719955bb5073
• Instruction ID: 28340f5a512f40acebd4c17376e6e36de2a3de8c686c2b1ac7aacc8fabf60d61
• Opcode Fuzzy Hash: c4108c213eb8fa0433e9b17478cb2f310227cb0b9976f3094bf7719955bb5073
• Instruction Fuzzy Hash: C751ABB16043019FD304CF28DC55A5AB7E9FF89329F14866DF859D73A1EA30E905CBA2
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetIpNetTable.IPHLPAPI(00000000,00000190,00000001), ref: 00D17506
• GetIpNetTable.IPHLPAPI(00000000,00000190,00000001), ref: 00D1752E
  • Part of subcall function 00D176F0: inet_addr.WS2_32(?), ref: 00D177B4
  • Part of subcall function 00D176F0: SendARP.IPHLPAPI(00000000), ref: 00D177BB
Strings
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: Table$Sendinet_addr
• String ID: %02X
• API String ID: 2456165744-436463671
• Opcode ID: 88b7dbc3b79bf985fb10d66db894ba35ea0de018f27e50e6b6998e82f722414f
• Instruction ID: b2b6a3b0649375fa10e9a4c58516d9a146a89011b04b99c1a1252957b4fea703
• Opcode Fuzzy Hash: 88b7dbc3b79bf985fb10d66db894ba35ea0de018f27e50e6b6998e82f722414f
• Instruction Fuzzy Hash: A2D10371D04204ABDB14DF68EC95BEEB7B6EF44310F184169E406A7291EF31ED85CBA0
Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: GetProcessHeap.KERNEL32 ref: 00C1997C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C199A7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C19A25
                                                                                                                                                                                                                                                                                                      • CreateEventW.KERNEL32(00000000,00000000,00000001,?), ref: 00BF8BBF
                                                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00BF8BD0
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer$CloseCreateEventHandleHeapProcess
                                                                                                                                                                                                                                                                                                      • String ID: eCode=%d$product$theme_handler_error
                                                                                                                                                                                                                                                                                                      • API String ID: 1021729176-47238663
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00D32ABC,00D3085A,00D2FE3B), ref: 00D32AD3
                                                                                                                                                                                                                                                                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D32AE1
                                                                                                                                                                                                                                                                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D32AFA
                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(00000000,00D32ABC,00D3085A,00D2FE3B), ref: 00D32B4C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3852720340-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(80000001,00000000), ref: 00C0B546
                                                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000004), ref: 00C0B59A
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 00C0B5CE
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                      • String ID: Software\PCAppStore$status
                                                                                                                                                                                                                                                                                                      • API String ID: 3677997916-3794422696
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: __allrem
                                                                                                                                                                                                                                                                                                      • String ID: os_win.c:%d: (%lu) %s(%s) - %s$winSeekFile$winTruncate1$winTruncate2
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00000000), ref: 00C39210
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00C39B2C
                                                                                                                                                                                                                                                                                                      • PCAppStoreAutoUpdater, xrefs: 00C39AFE
                                                                                                                                                                                                                                                                                                      • product, xrefs: 00C3982F
                                                                                                                                                                                                                                                                                                      • GetCurrentDirectory_failed, xrefs: 00C3984F
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                                                                                                                                      • String ID: GetCurrentDirectory_failed$PCAppStoreAutoUpdater$Software\Microsoft\Windows\CurrentVersion\Run$product
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00C2DE0D
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00C2DE12
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00C2DE17
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C36E90: MonitorFromPoint.USER32(00000000,00000000,00000001), ref: 00C36EB2
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C36E90: GetDpiForMonitor.API-MS-WIN-SHCORE-SCALING-L1-1-1(00000000,00000000,?,?), ref: 00C36EC3
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(00000000,?), ref: 00BF640C
                                                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32 ref: 00BF6420
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(00000002,?), ref: 00BF643D
                                                                                                                                                                                                                                                                                                      • SHAppBarMessage.SHELL32(00000003,?), ref: 00BF6450
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Message$Monitor$FromMetricsPointSystem
                                                                                                                                                                                                                                                                                                      • String ID: $
                                                                                                                                                                                                                                                                                                      • API String ID: 1856276538-3993045852
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5156ADB2,?,?,00000000,00D63127,000000FF,?,00D410FC,00000002,?,00D410D0,00D3CA0C), ref: 00D41155
                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D41167
                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,?,00000000,00D63127,000000FF,?,00D410FC,00000002,?,00D410D0,00D3CA0C), ref: 00D41189
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                      • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D253C5
                                                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00D25540
                                                                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 00D257BA
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F7DC: __EH_prolog3.LIBCMT ref: 00D1F7E3
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F4EC: __EH_prolog3.LIBCMT ref: 00D1F4F3
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F4EC: std::_Lockit::_Lockit.LIBCPMT ref: 00D1F4FD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F4EC: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F56E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F616: __EH_prolog3.LIBCMT ref: 00D1F61D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F616: std::_Lockit::_Lockit.LIBCPMT ref: 00D1F627
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1F616: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F698
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: Concurrency::cancel_current_task.LIBCPMT ref: 00D1B3AD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1B2EA: __EH_prolog3.LIBCMT ref: 00D1B3BA
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1C401: __EH_prolog3.LIBCMT ref: 00D1C408
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1C401: std::_Lockit::_Lockit.LIBCPMT ref: 00D1C412
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1C401: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1C483
                                                                                                                                                                                                                                                                                                      • __Getcoll.LIBCPMT ref: 00D25580
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C130C0: __Getctype.LIBCPMT ref: 00C130CB
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EDF0: __EH_prolog3.LIBCMT ref: 00D1EDF7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EDF0: std::_Lockit::_Lockit.LIBCPMT ref: 00D1EE01
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EE72
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EF1A: __EH_prolog3.LIBCMT ref: 00D1EF21
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1EF1A: std::_Lockit::_Lockit.LIBCPMT ref: 00D1EF2B
  • Part of subcall function 00D1EF1A: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EF9C
  • Part of subcall function 00D1F16E: __EH_prolog3.LIBCMT ref: 00D1F175
  • Part of subcall function 00D1F16E: std::_Lockit::_Lockit.LIBCPMT ref: 00D1F17F
  • Part of subcall function 00D1F16E: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F1F0
  • Part of subcall function 00D1F0D9: __EH_prolog3.LIBCMT ref: 00D1F0E0
  • Part of subcall function 00D1F0D9: std::_Lockit::_Lockit.LIBCPMT ref: 00D1F0EA
  • Part of subcall function 00D1F0D9: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F15B
  • Part of subcall function 00D1B2EA: __EH_prolog3.LIBCMT ref: 00D1B2F1
  • Part of subcall function 00D1B2EA: std::_Lockit::_Lockit.LIBCPMT ref: 00D1B2FB
  • Part of subcall function 00D1B2EA: std::_Lockit::~_Lockit.LIBCPMT ref: 00D1B3A2
• codecvt.LIBCPMT ref: 00D2586B
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: Lockitstd::_$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypecodecvtcollatenumpunct
• String ID:
• API String ID: 2535241748-0
• Opcode ID: 3eefe642ff75276ebec06adc3f336ad05c6ff8d67ffc4c9ff6dfab84a854c434
• Instruction ID: 8867b6e5dbe392fa1cc144def421b74061cff3fa61828b40d6f5122ee001251c
• Opcode Fuzzy Hash: 3eefe642ff75276ebec06adc3f336ad05c6ff8d67ffc4c9ff6dfab84a854c434
• Instruction Fuzzy Hash: 98E11571800626ABDB15AF60BC42EBF7AB6EF65364F14482DF8546B391EF308D4097B1
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcessHeap.KERNEL32(00000000,-0000001C,00000000,-00000002,00000000,?), ref: 00C30A37
• HeapAlloc.KERNEL32(00000000,00000000,-0000001C,00000000,-00000002,00000000,?), ref: 00C30A3D
Strings
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: Heap$AllocProcess
• String ID: length
• API String ID: 1617791916-25009842
• Opcode ID: 9bd1f16b98afd7f9b5bd086a50c5763320dbe4a0bf3ef8cf06c41511fe421bb5
• Instruction ID: d786a58801ce0d3b14258622216a9e4174961b97c08f7755e613f5dc18d97529
• Opcode Fuzzy Hash: 9bd1f16b98afd7f9b5bd086a50c5763320dbe4a0bf3ef8cf06c41511fe421bb5
• Instruction Fuzzy Hash: 7D71BE77B142009FE304DF18E851B6AB7E5EF91320F258679E8198B380EB75ED058BB1
Uniqueness

Uniqueness Score: -1.00%

APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00C13333
• std::_Lockit::_Lockit.LIBCPMT ref: 00C13356
• std::_Lockit::~_Lockit.LIBCPMT ref: 00C13376
  • Part of subcall function 00C13110: std::_Lockit::_Lockit.LIBCPMT ref: 00C1318F
  • Part of subcall function 00C13110: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C131E4
  • Part of subcall function 00C13110: __Getctype.LIBCPMT ref: 00C131FD
  • Part of subcall function 00C13110: std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C13247
• std::_Facet_Register.LIBCPMT ref: 00C133EB
• std::_Lockit::~_Lockit.LIBCPMT ref: 00C13403
Memory Dump Source
• Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
Similarity
• API ID: std::_$Lockit$Lockit::_$Locinfo::_Lockit::~_$Facet_GetctypeLocinfo_ctorLocinfo_dtorRegister
• String ID:
• API String ID: 1006824174-0
• Opcode ID: a882ee1a57485a5b0112b06de5db854ac1ba9a86721b5f4e2b7d569aa0a5cf91
• Instruction ID: dabc00c648654c1bb6a34cb8d191b394c64b4e03b07b2874d27547387482be5a
• Opcode Fuzzy Hash: a882ee1a57485a5b0112b06de5db854ac1ba9a86721b5f4e2b7d569aa0a5cf91
• Instruction Fuzzy Hash: 73512631A003559FCB14DF58D8506AEBBE0FB8A724F14462AE865E7390DB30EE45DBE1
Uniqueness

Uniqueness Score: -1.00%

APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 00C2E0A3
• std::_Lockit::_Lockit.LIBCPMT ref: 00C2E0C6
• std::_Lockit::~_Lockit.LIBCPMT ref: 00C2E0E6
  • Part of subcall function 00C2DE20: std::_Lockit::_Lockit.LIBCPMT ref: 00C2DE92
  • Part of subcall function 00C2DE20: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C2DEDE
• std::_Facet_Register.LIBCPMT ref: 00C2E15B
• std::_Lockit::~_Lockit.LIBCPMT ref: 00C2E173
Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_$Lockit::~_$Facet_Locinfo::_Locinfo_ctorRegister
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1197013505-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C162B3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C162D6
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C162F6
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00C1636B
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C16383
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 459529453-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2020259771-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1C408
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1C412
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 00D1C44C
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1C463
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1C483
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 712880209-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1E9E4
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1E9EE
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • codecvt.LIBCPMT ref: 00D1EA28
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EA3F
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EA5F
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 712880209-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EA79
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EA83
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00D1EABD
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EAD4
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EAF4
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1007100420-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EBA3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EBAD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • ctype.LIBCPMT ref: 00D1EBE7
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EBFE
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EC1E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registerctype
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 83828444-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 32748c69db01fd2c2a527c91925b625556c2b2cf146eb2644ab1d1c030b87ad4
                                                                                                                                                                                                                                                                                                      • Instruction ID: 7bb6258de93192c1ccd9493b317e841778d2f5836d036479bdbe03511c302c87
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32748c69db01fd2c2a527c91925b625556c2b2cf146eb2644ab1d1c030b87ad4
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5101C475900215EBCB04EB64E8656EEB771AF85310F180409E822A73D2CF309A81DBF1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EB0E
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EB18
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00D1EB52
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EB69
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EB89
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1007100420-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 6d350247546b0ad512f60db7de72d23e6ffc280476cb3b7ae17ecf4e30fa1117
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0da074f4d611ae98fe049f1cb1e44555ddda464d847f6a4947beb0ba64c23e22
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d350247546b0ad512f60db7de72d23e6ffc280476cb3b7ae17ecf4e30fa1117
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D010435904214DBCF04EB64E961AEDB771AF95320F180509E822A73C1CF309A4197B0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1ECCD
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1ECD7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 00D1ED11
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1ED28
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1ED48
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2750803064-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: d7f2e15923b05b0ff6cf58fcb8cd9b3c7b8b56f1d49c41516adb60f11f10d1fb
                                                                                                                                                                                                                                                                                                      • Instruction ID: 2ecaab6681778e5ac078e2e457c213a043e255b5715c99913aa51a5b74018f08
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d7f2e15923b05b0ff6cf58fcb8cd9b3c7b8b56f1d49c41516adb60f11f10d1fb
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1701D6359002259BCF05EB64E8256EEB771EF95310F180508E821AB3D1DF709E41DBF1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EC38
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EC42
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 00D1EC7C
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EC93
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1ECB3
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2750803064-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EFB6
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EFC0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00D1EFFA
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F011
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F031
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F0E0
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F0EA
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00D1F124
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F13B
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F15B
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B0A9
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B0B3
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • collate.LIBCPMT ref: 00D2B0ED
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B104
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B124
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1007100420-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F04B
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F055
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00D1F08F
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F0A6
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F0C6
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F175
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F17F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00D1F1B9
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F1D0
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F1F0
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B13E
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B148
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • messages.LIBCPMT ref: 00D2B182
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B199
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B1B9
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2750803064-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B2FD
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B307
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00D2B341
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B358
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B378
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F3C9
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F3D3
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • numpunct.LIBCPMT ref: 00D1F40D
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F424
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F444
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 743221004-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B392
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B39C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • moneypunct.LIBCPMT ref: 00D2B3D6
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B3ED
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B40D
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 419941038-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,00000000,00000000,?,?), ref: 00D14D0B
                                                                                                                                                                                                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,00000000,?,?,?), ref: 00D14D3F
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: EnumPrinters
                                                                                                                                                                                                                                                                                                      • String ID: full_toner$paper_in
                                                                                                                                                                                                                                                                                                      • API String ID: 899101462-3620103445
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00C1D95D
                                                                                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00C1DA47
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                                                                      • String ID: `$cannot use push_back() with
                                                                                                                                                                                                                                                                                                      • API String ID: 323602529-223465558
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: __freea
                                                                                                                                                                                                                                                                                                      • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                      • API String ID: 240046367-3206640213
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ClearVariant
                                                                                                                                                                                                                                                                                                      • String ID: Chrome_WidgetWin_1$MozillaWindowClass
                                                                                                                                                                                                                                                                                                      • API String ID: 1473721057-494408651
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID: %s at line %d of [%.10s]$d33c709cc0af66bc5b6dc6216eba9f1f0b40960b9ae83694c986fbf4c1d6f08f$database corruption
                                                                                                                                                                                                                                                                                                      • API String ID: 0-1212038961
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00C4375E
                                                                                                                                                                                                                                                                                                      • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00C437D7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C0F300: std::_Lockit::_Lockit.LIBCPMT ref: 00C0F323
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C0F300: std::_Lockit::_Lockit.LIBCPMT ref: 00C0F345
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C0F300: std::_Lockit::~_Lockit.LIBCPMT ref: 00C0F365
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C0F300: std::_Lockit::~_Lockit.LIBCPMT ref: 00C0F38F
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_$Ios_base_dtorLockit::_Lockit::~_std::ios_base::_
                                                                                                                                                                                                                                                                                                      • String ID: X$`
                                                                                                                                                                                                                                                                                                      • API String ID: 1377101590-565454564
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,00000000,00000000,00D62B38,?,?,00000000), ref: 00D149E8
                                                                                                                                                                                                                                                                                                      • EnumPrintersW.WINSPOOL.DRV(00000006,00000000,00000002,00000000,00D62B38,00D62B38,?), ref: 00D14A25
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: EnumPrinters
                                                                                                                                                                                                                                                                                                      • String ID: list too long$name
                                                                                                                                                                                                                                                                                                      • API String ID: 899101462-2745698654
                                                                                                                                                                                                                                                                                                      • Opcode ID: f4cca23aae20d900c8ba0e7c6d846af525eeddf6e54a44e5c3d4c3b77d37e2cc
                                                                                                                                                                                                                                                                                                      • Instruction ID: b489946c693d23bc28fe0cd9bf52f6accbcc7d2e641423196fc1fb08aa631441
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f4cca23aae20d900c8ba0e7c6d846af525eeddf6e54a44e5c3d4c3b77d37e2cc
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41817DB1D00219EFDB10DF94E845BEEBBF4FF05714F148029E819AB281EB70A944CBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C17A8D
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C17B1D
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C17B44
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                                                                      • String ID: ror
                                                                                                                                                                                                                                                                                                      • API String ID: 2659868963-4099539540
                                                                                                                                                                                                                                                                                                      • Opcode ID: f435a8a6fcac27c13d92dc61a88879f0b5c5bde15eb064baf9b1fc24e1b71352
                                                                                                                                                                                                                                                                                                      • Instruction ID: bf6f4851a60c5be4ed1d1ce5011f7738cc0a83bf9de5a2cb50714326aa88e1f8
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f435a8a6fcac27c13d92dc61a88879f0b5c5bde15eb064baf9b1fc24e1b71352
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC61CF71C147489BDB08CF68D8847DEBBB5FF56310F14871AE415AB781E7B4A584CBA0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • EncodePointer.KERNEL32(00000000,?), ref: 00D331FD
                                                                                                                                                                                                                                                                                                      • CatchIt.LIBVCRUNTIME ref: 00D332E3
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CatchEncodePointer
                                                                                                                                                                                                                                                                                                      • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                                      • API String ID: 1435073870-2084237596
                                                                                                                                                                                                                                                                                                      • Opcode ID: 19720890a1cec3a98ac4073dd9c8bd73c0f1378174e2211153e96273bfc6d0f2
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0ab9ce4d158971d4732e35728ab16fa436145a4264ef45c3ca03dec0622326e7
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19720890a1cec3a98ac4073dd9c8bd73c0f1378174e2211153e96273bfc6d0f2
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C417C76900209AFCF16DF98CE81AEEBBB5FF48300F198099F905A7225D3759A50DB64
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
• Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
• Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Mpunct$H_prolog3
                                                                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                                                                      • API String ID: 4281374311-1686923651
                                                                                                                                                                                                                                                                                                      • Opcode ID: f664c097745b59473cd2cbce72f4163786c69199c3cf7c5d606d839762e6411a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 78c64de2b1ad52fead7fe48f02617d01c2d2b121d5c9bf210e8508bf2b2b7ddc
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f664c097745b59473cd2cbce72f4163786c69199c3cf7c5d606d839762e6411a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9221ACA1904BA26ED725DF749890B7FBEF8AB19305F04195AE099C7A41D734EA01CBB0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D248B5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E32F: _Maklocstr.LIBCPMT ref: 00D1E34F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E32F: _Maklocstr.LIBCPMT ref: 00D1E36C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E32F: _Maklocstr.LIBCPMT ref: 00D1E389
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E32F: _Maklocchr.LIBCPMT ref: 00D1E39B
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D1E32F: _Maklocchr.LIBCPMT ref: 00D1E3AE
                                                                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 00D24942
                                                                                                                                                                                                                                                                                                      • _Mpunct.LIBCPMT ref: 00D2495C
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                                                                                                      • String ID: $+xv
                                                                                                                                                                                                                                                                                                      • API String ID: 2939335142-1686923651
                                                                                                                                                                                                                                                                                                      • Opcode ID: 945ab767428cbe73c23509ae32bc0f7fce26b52c1053644c0eb0f101e6015ec1
                                                                                                                                                                                                                                                                                                      • Instruction ID: 30524b738f2c93db169bb560a3469479692b42b09a74d042957dc1e3a1394d5d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 945ab767428cbe73c23509ae32bc0f7fce26b52c1053644c0eb0f101e6015ec1
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3821A1A1904B626ED725DF749490B7BBEF8AB1C305B04095EE499C7A41D730EA41CBB0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00D33BC3,00000000,?,00DA21A4,?,?,?,00D33D66,00000004,InitializeCriticalSectionEx,00D690EC,InitializeCriticalSectionEx), ref: 00D33C1F
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00D33BC3,00000000,?,00DA21A4,?,?,?,00D33D66,00000004,InitializeCriticalSectionEx,00D690EC,InitializeCriticalSectionEx,00000000,?,00D33B1D), ref: 00D33C29
                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00D33C51
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                      • String ID: api-ms-
                                                                                                                                                                                                                                                                                                      • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                                                      • Opcode ID: a456f10c4d9b9c8da1f700c7dfd9b338c32ea7d6bcb34ab65437765ab954cb0b
                                                                                                                                                                                                                                                                                                      • Instruction ID: dce2638783e7ed4c74f393a6444a6a2b436b19a5b44cd98170409a0f4b1d206b
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a456f10c4d9b9c8da1f700c7dfd9b338c32ea7d6bcb34ab65437765ab954cb0b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BE0BF30784305FBEF205F61EE16B597F9D9B14B50F545060FA0CF81E1D7A2EA5099B8
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetConsoleOutputCP.KERNEL32(5156ADB2,00000000,00000000,00000000), ref: 00D4ACFF
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D4E936: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D4EC9D,?,00000000,-00000008), ref: 00D4E997
                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00D4AF51
                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D4AF97
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00D4B03A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 08367810dc9f415c70d12adcc0a336189db848f8fbd04612ebf0b045b89d4879
                                                                                                                                                                                                                                                                                                      • Instruction ID: e37320c72cb7633b926e87ba0f6f594528820611be0c74e27c55534dd44c029c
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 08367810dc9f415c70d12adcc0a336189db848f8fbd04612ebf0b045b89d4879
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CD16CB5E042589FCF15CFA8D8809ADBBB5FF09314F28416AE466EB351D730E946CB60
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AdjustPointer
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1740715915-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: c19d20687e7bb1022c89af87affcee016b227acb63649be2551b03b5e9d74621
                                                                                                                                                                                                                                                                                                      • Instruction ID: 18b93ef6aa1c72902cd41bfb82682947ba8cc27fbaea05f60d23f0ff4f0c0b8a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c19d20687e7bb1022c89af87affcee016b227acb63649be2551b03b5e9d74621
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5451A472E01602AFDB298F14E842BBAB7A4FF54711F28452DE945976A1D731ED80CBF0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: GetProcessHeap.KERNEL32 ref: 00C1997C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C199A7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C19A25
                                                                                                                                                                                                                                                                                                      • FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,00000000,00D5D0DD,000000FF,?,00C3187E,?), ref: 00C3A6F6
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19AC0: LoadResource.KERNEL32(00000000,00000000,00000001,00000000,?,00C19A8A,?,?,00000000,00000000,?,?,?,00000000,?,00C19BE8), ref: 00C19AC9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19AC0: LockResource.KERNEL32(00000000,?,00C19A8A,?,?,00000000,00000000,?,?,?,00000000,?,00C19BE8,?,?,00000000), ref: 00C19AD4
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19AC0: SizeofResource.KERNEL32(00000000,00000000,?,00C19A8A,?,?,00000000,00000000,?,?,?,00000000,?,00C19BE8,?), ref: 00C19AE2
                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000), ref: 00C3A72F
                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00D5D0DD,000000FF), ref: 00C3A77A
                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,00000000,00000000,?,?,?,?,00000000,00D5D0DD,000000FF), ref: 00C3A7B0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19A40: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,00000000,?,00C19BE8,?,?,00000000,00C19FE7,?), ref: 00C19A77
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Resource$ByteCharMultiWide$FindInit_thread_footer$HeapLoadLockProcessSizeof
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 379512009-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f0c33bf1ef606dc2628de07c72fa0783fb715502bb445a9f37edf8df3fcb5f6d
                                                                                                                                                                                                                                                                                                      • Instruction ID: e352b885502a9d4f0340153e445d8767cbf11f880df767e695903ecd2b582ac6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f0c33bf1ef606dc2628de07c72fa0783fb715502bb445a9f37edf8df3fcb5f6d
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E41D631340301BFE7249F59CC96F2AB6A9EF85B10F20012DF692DB3C5DAB1AD119765
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: 66ca3902b8c3538cfc5f2b7c0b2dbaaec7a1869a574457b2cb9282c67b76d62b
                                                                                                                                                                                                                                                                                                      • Instruction ID: 40ce9c901d6c7200dd9729d84cde253c1beab0bbf0ef315f68d39454c00948e4
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 66ca3902b8c3538cfc5f2b7c0b2dbaaec7a1869a574457b2cb9282c67b76d62b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 77410972A00704AFDB249F38CC45BAABBAAEB88710F10452AF412DB281D775E940C7B0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C2B24A
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C2B292
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00C2B2C7
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00C2B35C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1143662833-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 83ef98bdc330c3c246a65271b6fe7e2d0f5912fde754838b28554b01f76939bc
                                                                                                                                                                                                                                                                                                      • Instruction ID: a1df5306a14ee0db55610b68ebf08c04a59252da52a66b015fa53f7eaeb8cc4d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83ef98bdc330c3c246a65271b6fe7e2d0f5912fde754838b28554b01f76939bc
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 29414FB0C003889ADB10DFE4D91579EFBF8AF14304F144519E959EB381EB74AA48CB61
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RegCreateKeyW.ADVAPI32(?,80004005,80004005), ref: 00C3292A
                                                                                                                                                                                                                                                                                                      • RegSetKeyValueW.ADVAPI32(80004005,00000000,?,00000001,00D7304C,0065006D,?,80004005,80004005,?,?,?,00000000,00D5EEAD,000000FF), ref: 00C3295C
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(80004005,?,80004005,80004005,?,?,?,00000000,00D5EEAD,000000FF,?,80004005,80070057,80004005,00D7304C), ref: 00C32969
                                                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(80004005,?,80004005,80004005,?,?,?,00000000,00D5EEAD,000000FF,?,80004005,80070057,80004005,00D7304C), ref: 00C32973
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Close$CreateValue
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1009429713-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 5e10777acb9ba67c9ad712c8714c7f0f2fbfc987f1ec9e25fa4b0301dfe5747a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 65d89b2adcf5cf74d2b7adb09c4d87900bbc25bcfff9682936bd4fc218fc9ea8
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e10777acb9ba67c9ad712c8714c7f0f2fbfc987f1ec9e25fa4b0301dfe5747a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6314771601A15AFDB10CF69DC48B9AB7A8FF09725F148269F829CB3A1D731DD00CBA0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: e38576b81446b634c772c9d4b8374411df2c93551ce3bef5ffcc43b3060e37f4
                                                                                                                                                                                                                                                                                                      • Instruction ID: 7477221abf01eac306afb4c05c89caa696dcbe383499a88a56d83d5e1c084813
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e38576b81446b634c772c9d4b8374411df2c93551ce3bef5ffcc43b3060e37f4
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0921C071604206BFDF20AF69CC85D2BB7A8EF44364B148518F965D7151EBB0EE009BB8
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNEL32 ref: 00D51FC1
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D4E936: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00D4EC9D,?,00000000,-00000008), ref: 00D4E997
                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D51FF9
                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00D52019
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 158306478-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: a5bd1773e0e5892f3c39c427c89b48f3fc0602dfb6386446df52af12cd37a498
                                                                                                                                                                                                                                                                                                      • Instruction ID: 69e26761817cb222e978b078049ec99f83dc89c9046d6e4d19dbfb36b4499efe
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a5bd1773e0e5892f3c39c427c89b48f3fc0602dfb6386446df52af12cd37a498
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5811D2B2A022157F6B3167799C89CBF6A6CDE9A3D67140424FD02D1282EE64CD0999B1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1A0CD
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1A0D7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1A128
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1A148
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 3ab8eda16b1890f3c57841505aa71dd8a4128bbc7b359d079563e4ed2378bf19
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1f043a0d76c774b4c454dc791308caa89b3ff759f2b8aaba7c59a6dd2afb0090
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ab8eda16b1890f3c57841505aa71dd8a4128bbc7b359d079563e4ed2378bf19
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB113831505325BFCB04ABA8A8116EDB7B5EF45320F144019F814A73C1DF709D8097F1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EDF7
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EE01
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EE52
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EE72
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 6c17954547ea026b1bc36e4cb86c6c8dcaf11479126f9a7b738698d3a925fa26
                                                                                                                                                                                                                                                                                                      • Instruction ID: f3de001082f591cb26cacc1a016efe98e3019e1452b86b956beb5ca5058f3f98
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6c17954547ea026b1bc36e4cb86c6c8dcaf11479126f9a7b738698d3a925fa26
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1C01C435900225ABCF05EB64A8216EEB771AF89310F244408F821A73D1CF309E81DBF1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1ED62
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1ED6C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EDBD
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EDDD
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EE8C
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EE96
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EEE7
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EF07
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1EF21
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1EF2B
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1EF7C
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1EF9C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B1D3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B1DD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B22E
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B24E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7b82bace0b2e19658c3da4ec00d3d569816f6b217f51c25edf62a899b91460d7
                                                                                                                                                                                                                                                                                                      • Instruction ID: 7d86836d011fdbd2af5b7f26bef62394e6910ed96b225f5919778a856cc80441
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7b82bace0b2e19658c3da4ec00d3d569816f6b217f51c25edf62a899b91460d7
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1501C479900225DBCF05EB64A8656AEB771EF95324F14440AE421AB3D1CF709A419BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F29F
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F2A9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F2FA
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F31A
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2832b8bd730b658771961493fe8066050cb0cf31b9d0f834195acb88216c1c05
                                                                                                                                                                                                                                                                                                      • Instruction ID: d7957d0d20c4b7f4107f577fabcb31362480d32335c79ac5b23d89ebffe3703f
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2832b8bd730b658771961493fe8066050cb0cf31b9d0f834195acb88216c1c05
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9801C475900215ABCF05EB64A8256EDB771AF85320F180419E421A73D1CF709E419BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B268
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B272
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B2C3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B2E3
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 863e4a5911e80635adc05d618b6b0d3e61056628618db1a8f0c9a172a6bb2aec
                                                                                                                                                                                                                                                                                                      • Instruction ID: dad4846bb2be14953ce2893df61d8d4e56b0991daddeabf0fb843202bdec2259
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 863e4a5911e80635adc05d618b6b0d3e61056628618db1a8f0c9a172a6bb2aec
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED01C435900329DBCF05EBA4A8226AEB771BF95324F140409E821A73D2DF749A4197B5
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F20A
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F214
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F265
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F285
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: b09b09641bf6facde1125700992271e341a0177fc6c50c2e133c935556a0ef27
                                                                                                                                                                                                                                                                                                      • Instruction ID: 591e85aa84ce83975a993264c438c81742572b11b27dc9208151c97799108a76
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b09b09641bf6facde1125700992271e341a0177fc6c50c2e133c935556a0ef27
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7801D6399002259BCF05EB64E8216EEBBB1EF89310F180918E421A73D1CF749E419BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F334
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F33E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F38F
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F3AF
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: c715693910793868fa3fc540f5c9c50203eb5c4e94a94d14070ff12c8fa53436
                                                                                                                                                                                                                                                                                                      • Instruction ID: 487ee4853164c8eb27774935ceccb97d5428681388dec4b59282567e6a597f25
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c715693910793868fa3fc540f5c9c50203eb5c4e94a94d14070ff12c8fa53436
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D0184369006259BCF05FB64E8656EEB771EF85310F180519E421A73D1CF749E8197B1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F4F3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F4FD
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F54E
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F56E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: a2b7609693ae91bf982c814b3d050e13e62da30b62a45d0d27b88f773d2eb3e3
                                                                                                                                                                                                                                                                                                      • Instruction ID: 26a828d656a411de30d0120c4473c31a281b299b6249a4ea551baa6be1e0b530
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a2b7609693ae91bf982c814b3d050e13e62da30b62a45d0d27b88f773d2eb3e3
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E01D635900625EBDF05EF64E8616EEB771EF85320F180518E421A73D1CF309E829BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B4BC
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B4C6
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B517
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B537
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: ce35ad4b75a1070b861e38629aa395f4a26f832429fe6464228d1c3760c2a083
                                                                                                                                                                                                                                                                                                      • Instruction ID: 5b6c766ae139a58f468d11661312ac52155be55e9480f8941a9fbd43854d30b2
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce35ad4b75a1070b861e38629aa395f4a26f832429fe6464228d1c3760c2a083
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8301D235900225DBCF05EB64E825AAEB771EF99324F18040AE421AB3D2CF709E419BF1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F45E
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F468
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F4B9
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F4D9
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: a4044d7d01b81774ba08867c256a170ecebfc64276781ee67b0f043db31406c0
                                                                                                                                                                                                                                                                                                      • Instruction ID: 51b9a82902139c4cf6891e28465a4bcb6df4874ebf8f1220dc5b9ff7caca4e16
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a4044d7d01b81774ba08867c256a170ecebfc64276781ee67b0f043db31406c0
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A901C475900225AFCF05EB64E8656EEB771AF95320F180418F421A73D1DF749A819BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D2B427
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D2B431
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D2B482
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D2B4A2
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: ce5555d698bd0cc516ef83eaf92f16238c06abf4c5bd2ce313b3bdbf06bdaadc
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1b3d8c1530eb6b0a92b95d77092514bc889bb34a42c7509b25147281c334e40a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce5555d698bd0cc516ef83eaf92f16238c06abf4c5bd2ce313b3bdbf06bdaadc
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A60104359002259BCF04FF64E8616AEB771AF95328F18450AE510A73D2CF749A419BB0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F588
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F592
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F5E3
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F603
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: a7a851f0cedb99df46c3c315d7723ed475e7210a0306ce7dc71e97613b9f8c72
                                                                                                                                                                                                                                                                                                      • Instruction ID: 9bd0b28752103554aad0fd8b4a2233ea1e34f4213bbb1235d6de1cdd3cbeba1b
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7a851f0cedb99df46c3c315d7723ed475e7210a0306ce7dc71e97613b9f8c72
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B001D235900225AFCF05EFA4E8216EEB771EF85320F240819E425AB3D1CF709E419BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D1F61D
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D1F627
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::_Lockit.LIBCPMT ref: 00C15C4F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C15C40: std::_Lockit::~_Lockit.LIBCPMT ref: 00C15C6A
                                                                                                                                                                                                                                                                                                      • std::_Facet_Register.LIBCPMT ref: 00D1F678
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1F698
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2854358121-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 8731de43cbf4f556124119de669e43cc2337e44ab98e0bcf2b91e7cf37c798d6
                                                                                                                                                                                                                                                                                                      • Instruction ID: a53b6d04d8145781918732ee9aef546fe5939877c2e0568fdbf773d76b74d3c6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8731de43cbf4f556124119de669e43cc2337e44ab98e0bcf2b91e7cf37c798d6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE01C075900226AFCF05EB64A8256EEB771EFC9314F184519E421AB3E1CF309E429BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000400,00000000,00000000,00000000,?,00000000,00000000,?,?,?,00C47B5F,?,?,00000000,00000000), ref: 00D1CF18
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00C47B5F,?,?,00000000,00000000,00000000,?), ref: 00D1CF24
                                                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,00C47B5F,?,?,00000000,00000000,00000000), ref: 00D1CF4A
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00C47B5F,?,?,00000000,00000000,00000000,?), ref: 00D1CF56
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 203985260-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 4acbf6f92924461c1596012d7a9d54fe2df868623f28df6117b4954538a9f3c5
                                                                                                                                                                                                                                                                                                      • Instruction ID: 1a53e29e473a5438b0c49d396f00712a3ea91f6ca93f11cc9fe27a2af4764d22
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4acbf6f92924461c1596012d7a9d54fe2df868623f28df6117b4954538a9f3c5
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76011236651159BB8F220F51EC08D9B3E2BFFD9B91B148025FE0195220CA71C862E7B0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __EH_prolog3.LIBCMT ref: 00D190F5
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00D19100
                                                                                                                                                                                                                                                                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1916E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D19280: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00D19298
                                                                                                                                                                                                                                                                                                      • std::locale::_Setgloballocale.LIBCPMT ref: 00D1911B
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 677527491-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 576479fd9663f6dca225488acadc29e97d7ffb52554ca8cee995242c823df030
                                                                                                                                                                                                                                                                                                      • Instruction ID: af7007043abdf825f29825bd57f46217b75ae06d6f2b56f42f35f09b072ffcda
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 576479fd9663f6dca225488acadc29e97d7ffb52554ca8cee995242c823df030
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AB01BC75A01221ABDB05EB20E8755BDBB71FF85350B184009E82697391CF74AE86CFF1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(?,?,?,00D4091B,?), ref: 00D40837
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00D4091B,?), ref: 00D40841
                                                                                                                                                                                                                                                                                                      • __dosmaperr.LIBCMT ref: 00D40848
                                                                                                                                                                                                                                                                                                      • GetCurrentDirectoryW.KERNEL32(?,?,?,?,00D4091B,?), ref: 00D4086F
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectory$ErrorLast__dosmaperr
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1554857224-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 389b90dd7ffb799a2f8735bb5b1323a22a768fc966f46e7d618de077794e171a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 5a6b3e8b842172b0c6a79aaf16e957c2f4e91f64967ab11af19fc1349930360a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 389b90dd7ffb799a2f8735bb5b1323a22a768fc966f46e7d618de077794e171a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 95F0F831600700AF9F30AB71ED0891B7FA9EF443107148929F6AAC2524EB71E840ABB0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,00D57B78,00000000,00000001,0000000C,00000000,?,00D4B08E,00000000,00000000,00000000), ref: 00D59540
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00D57B78,00000000,00000001,0000000C,00000000,?,00D4B08E,00000000,00000000,00000000,00000000,00000000,?,00D4B668,?), ref: 00D5954C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D59512: CloseHandle.KERNEL32(FFFFFFFE,00D5955C,?,00D57B78,00000000,00000001,0000000C,00000000,?,00D4B08E,00000000,00000000,00000000,00000000,00000000), ref: 00D59522
                                                                                                                                                                                                                                                                                                      • ___initconout.LIBCMT ref: 00D5955C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D594D4: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00D59503,00D57B65,00000000,?,00D4B08E,00000000,00000000,00000000,00000000), ref: 00D594E7
                                                                                                                                                                                                                                                                                                      • WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,00D57B78,00000000,00000001,0000000C,00000000,?,00D4B08E,00000000,00000000,00000000,00000000), ref: 00D59571
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2744216297-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 644c1f6bec987abaf74932e3a61233d23263b971e68f6e19de3547bce3dd20c3
                                                                                                                                                                                                                                                                                                      • Instruction ID: fd28003a4bf3f408f9aa7b843a041164c3cf3858ecdd2095e7047b0bedbc9852
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 644c1f6bec987abaf74932e3a61233d23263b971e68f6e19de3547bce3dd20c3
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6EF03036500315FBCF221F95DC14A897F26FB093A2B044010FE09C5231DA72C930ABF4
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SleepConditionVariableCS.KERNELBASE(?,00D2F529,00000064), ref: 00D2F5AF
                                                                                                                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(00DA1E20,?,?,00D2F529,00000064,?,?,00C199C7,00DA2A5C,00C2F6FF), ref: 00D2F5B9
                                                                                                                                                                                                                                                                                                      • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00D2F529,00000064,?,?,00C199C7,00DA2A5C,00C2F6FF), ref: 00D2F5CA
                                                                                                                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(00DA1E20,?,00D2F529,00000064,?,?,00C199C7,00DA2A5C,00C2F6FF), ref: 00D2F5D1
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3269011525-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: a1b54c66b41a88decd8d6a8565bd45673b71aabc7c01381e2cccdd890b5b2346
                                                                                                                                                                                                                                                                                                      • Instruction ID: 15f2da4b901ca01d7edc20ccac2ca3b508f441b3391359c3d30366de730e808a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1b54c66b41a88decd8d6a8565bd45673b71aabc7c01381e2cccdd890b5b2346
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 66E0ED3A541334ABCB011F90FC09E9E7B25EB0A755F044030FD09E63A0DBA59A509BF5
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C68C62
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C68CB1
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C68380: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C68449
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • recovered %d pages from %s, xrefs: 00C68EA1
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                      • String ID: recovered %d pages from %s
                                                                                                                                                                                                                                                                                                      • API String ID: 885266447-1623757624
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2ad05ec4aef13110913e808d05f219003adf9deafc1386b7db4354d2cfeaa6bd
                                                                                                                                                                                                                                                                                                      • Instruction ID: 64213e8476f545464af7ca83e1060a308425524202fce8ab18e2f73c62ceee8e
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2ad05ec4aef13110913e808d05f219003adf9deafc1386b7db4354d2cfeaa6bd
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DB19C71A04712AFC734CF24C880B6AB7E5BF98344F044629EDA597351DB30EE598BE1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C2B8E5
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C2B95E
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C2B96D
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ___std_exception_destroy$___std_exception_copy
                                                                                                                                                                                                                                                                                                      • String ID: parse error$ror
                                                                                                                                                                                                                                                                                                      • API String ID: 1206660477-4201802366
                                                                                                                                                                                                                                                                                                      • Opcode ID: 5ae5bce3285925f58481079f20eb3f6da4b95c90ed471b0bf54dda04f156f8b7
                                                                                                                                                                                                                                                                                                      • Instruction ID: a264cecf4380a5d40a5ee795158974fd4e5ef1e00b09d0d3a2ac58eeb751fda5
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ae5bce3285925f58481079f20eb3f6da4b95c90ed471b0bf54dda04f156f8b7
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82B1E271C142588FDB08CF68DC847ADBB71FF55310F148398E4086BB92D7B4AAC58B60
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C168A8
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ___std_exception_copy
                                                                                                                                                                                                                                                                                                      • String ID: ios_base::failbit set$iostream
                                                                                                                                                                                                                                                                                                      • API String ID: 2659868963-302468714
                                                                                                                                                                                                                                                                                                      • Opcode ID: 9735e4295b2cf49263af72778ffe4a85f2ddc868d0eccee0e895f354dd80867f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 36c9a74352fae3788cdc33dc18cd06aeb3c17f8ce16dd7118d29387802a4badc
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9735e4295b2cf49263af72778ffe4a85f2ddc868d0eccee0e895f354dd80867f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3719071D002089FDB08DFA8C885BEEFBB5EF59310F14822DE815A7781D774A984DBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                      • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                                                                                                      • API String ID: 3732870572-1956417402
                                                                                                                                                                                                                                                                                                      • Opcode ID: 23fb637f90ad2eacd3c4fbf611d7d52c85f4d6c18737e1c6339f5c9acd954872
                                                                                                                                                                                                                                                                                                      • Instruction ID: 480046b679ea2f94e44c1c503105ee2929978402efb61f38d0d096d4428c8376
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23fb637f90ad2eacd3c4fbf611d7d52c85f4d6c18737e1c6339f5c9acd954872
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E511570A142799BDF249E6CE4507BEFBF9AF6530CF1C446AE49197240E270C9428B70
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • object name reserved for internal use: %s, xrefs: 00CA9C8C
                                                                                                                                                                                                                                                                                                      • sqlite_, xrefs: 00CA9BCE
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: _strrchr
                                                                                                                                                                                                                                                                                                      • String ID: object name reserved for internal use: %s$sqlite_
                                                                                                                                                                                                                                                                                                      • API String ID: 3213747228-4055618681
                                                                                                                                                                                                                                                                                                      • Opcode ID: b518949ab920e20b86afd36f983d093081d8834b207219d70b0a672ae868780a
                                                                                                                                                                                                                                                                                                      • Instruction ID: cf5120c9aa35f47a5445aa455ef1616facb052edc534c88903bc36b38bbcc66a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b518949ab920e20b86afd36f983d093081d8834b207219d70b0a672ae868780a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7412A2070474B4BDB344A25A852772BBD2EB9375DF180479EC9ACB287E676CE498270
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C23CA7
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C23CC0
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C23DF8
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C23E11
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C23F77
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C23F90
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C247AA
                                                                                                                                                                                                                                                                                                      • ___std_exception_destroy.LIBVCRUNTIME ref: 00C247C3
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ___std_exception_destroy
                                                                                                                                                                                                                                                                                                      • String ID: value
                                                                                                                                                                                                                                                                                                      • API String ID: 4194217158-494360628
                                                                                                                                                                                                                                                                                                      • Opcode ID: 084b057711d6c4e00b394aa8f9db084d8d0dbc479cea2c0e8a80dcd4a9f8aa17
                                                                                                                                                                                                                                                                                                      • Instruction ID: 081ffec643e5eca42ce50b52ea686a101805f329297f21080e27a71756305ac1
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 084b057711d6c4e00b394aa8f9db084d8d0dbc479cea2c0e8a80dcd4a9f8aa17
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9D51E270C00258DBDF14DFA4DC45BDEBBB4AF05304F148269E419AB782DB746A89DFA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C58794
                                                                                                                                                                                                                                                                                                      • __allrem.LIBCMT ref: 00C58840
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                      • String ID: local time unavailable
                                                                                                                                                                                                                                                                                                      • API String ID: 1992179935-3313036412
                                                                                                                                                                                                                                                                                                      • Opcode ID: ca5fb745f3776bd926ec80cfe9a4425d8cac9811e850493c3e063278c29508d6
                                                                                                                                                                                                                                                                                                      • Instruction ID: 81eda9afc907c7263fcc94a96e0b34b4673d510bbfdc536c5647f1c48d249911
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca5fb745f3776bd926ec80cfe9a4425d8cac9811e850493c3e063278c29508d6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B41C031908B409BD711CF38C841B5BF7E4FF98355F204B1DF99592291EB74E5888B52
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: __aulldiv
                                                                                                                                                                                                                                                                                                      • String ID: %llu$%llu
                                                                                                                                                                                                                                                                                                      • API String ID: 3732870572-4283164361
                                                                                                                                                                                                                                                                                                      • Opcode ID: eb182b2b06c6c0076bf22e60f13c37e2907c033f9a5fdb7ab021e4a09ce483b6
                                                                                                                                                                                                                                                                                                      • Instruction ID: c78602299f7ef719b1ff639a49788aceae77d84d449cdbf383a53b996f1561ab
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb182b2b06c6c0076bf22e60f13c37e2907c033f9a5fdb7ab021e4a09ce483b6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 743156716047015BC320EE14DC02F6BB7E5EFC5719F044A2CF9A94B2D2E771EA8887A6
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: GetProcessHeap.KERNEL32 ref: 00C1997C
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C199A7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00C19950: __Init_thread_footer.LIBCMT ref: 00C19A25
                                                                                                                                                                                                                                                                                                      • ___std_exception_copy.LIBVCRUNTIME ref: 00C309AC
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_footer$HeapProcess___std_exception_copy
                                                                                                                                                                                                                                                                                                      • String ID: eM=%ws$eM=%ws&eC=%d
                                                                                                                                                                                                                                                                                                      • API String ID: 4174076637-4242314460
                                                                                                                                                                                                                                                                                                      • Opcode ID: 881e8de7d8e0739efb156af450bc47e12c3154c627eac038874e248747861c9b
                                                                                                                                                                                                                                                                                                      • Instruction ID: 28af138b714f779b5757c391ab8ad9ef1a1bc1622e2cdacd6877591ae7915018
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 881e8de7d8e0739efb156af450bc47e12c3154c627eac038874e248747861c9b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22319472600605DFD700EF58C845B5AF7B9EF45320F248659E428E7391E7709E44CBA1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C15E71
                                                                                                                                                                                                                                                                                                      • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C15EC0
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                                                      • API String ID: 3988782225-1405518554
                                                                                                                                                                                                                                                                                                      • Opcode ID: d1d9266a10a0dc52f6bb18bd652cd6fa33c180807238bc3530b92db564641d95
                                                                                                                                                                                                                                                                                                      • Instruction ID: fd2f16190fa366397a7695ca58e4fbd5b73cd9a27fd9413f5788570e2e3a511f
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d1d9266a10a0dc52f6bb18bd652cd6fa33c180807238bc3530b92db564641d95
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A111AD70400B80EFD321CF69C815747BBE4EF19710F008A1EE49A87B81D7B9A608CBA6
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 00C14483
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: LockitLockit::_std::_
                                                                                                                                                                                                                                                                                                      • String ID: bad locale name
                                                                                                                                                                                                                                                                                                      • API String ID: 3382485803-1405518554
                                                                                                                                                                                                                                                                                                      • Opcode ID: 4f445e6565766eef4ffcad9873c4844ec68ad5525bd8937974a656b83f85d00e
                                                                                                                                                                                                                                                                                                      • Instruction ID: d365f677027171da952471d51648f70b25bec152eb2a4772facd396a9bc5ca65
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4f445e6565766eef4ffcad9873c4844ec68ad5525bd8937974a656b83f85d00e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE11A57190021AEBCB15DF88D941BEEFB79FB46710F004219ED1457381D770AA85CBE0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 00C13EDD
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                                                                      • String ID: false$true
                                                                                                                                                                                                                                                                                                      • API String ID: 118556049-2658103896
                                                                                                                                                                                                                                                                                                      • Opcode ID: 17667ab641d8476f38418038714d6c7fa9287bdbb22133369ee9914ef3d5268c
                                                                                                                                                                                                                                                                                                      • Instruction ID: 403eef255094a622ba50ce321a63d96467d890cb91d85326cf75864bf5ab8748
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17667ab641d8476f38418038714d6c7fa9287bdbb22133369ee9914ef3d5268c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 71E09B326043512FC2129614AC19DFBA7A5CFC3705F094558F8549B111DA558A4597E1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0D8F0: InitializeCriticalSectionEx.KERNEL32(00DA18EC,00000000,00000000,00D18834,?,?,?,00BF6228), ref: 00D0D8F5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00D0D8F0: GetLastError.KERNEL32(?,?,?,00BF6228), ref: 00D0D8FF
                                                                                                                                                                                                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,00BF6228), ref: 00D18838
                                                                                                                                                                                                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00BF6228), ref: 00D18847
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00D18842
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000016.00000002.2760680953.0000000000BF1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00BF0000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760654966.0000000000BF0000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760826083.0000000000D66000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760865189.0000000000D9D000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760888110.0000000000D9E000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760912100.0000000000D9F000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760935286.0000000000DA0000.00000008.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760971547.0000000000DA1000.00000004.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      • Associated: 00000016.00000002.2760996267.0000000000DAC000.00000002.00000001.01000000.00000010.sdmp
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_22_2_bf0000_PcAppStore.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                      • API String ID: 3511171328-631824599
                                                                                                                                                                                                                                                                                                      • Opcode ID: 16f7dc4707edb3d5dca04bcc48053c60da46a1ee7bda3ca31de6cf6d60ce37cd
                                                                                                                                                                                                                                                                                                      • Instruction ID: a13ae2d0ae88531a81cad199a300e9691d4e211826a1580d36b6da53d9160c7d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16f7dc4707edb3d5dca04bcc48053c60da46a1ee7bda3ca31de6cf6d60ce37cd
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2DE06D702003408FC3209F79F8047827AE4EB05700F40882EE855C3342DFB5D4888BB1
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                                                      Execution Coverage:1.5%
                                                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                                                                                                                      Total number of Nodes:565
                                                                                                                                                                                                                                                                                                      Total number of Limit Nodes:12

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Current$Process$ChromeCommandDuplicateFileHandleLineModuleNameOpenSignalThread_invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\chrome\app\chrome_exe_main_win.cc$::GetModuleFileName(nullptr, exe_file, std::size(exe_file))$About to load main DLL.$Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers$crashpad-handler$fallback-handler$initial-client-data$no-periodic-tasks$ppapi$type$user-data-dir$utility
                                                                                                                                                                                                                                                                                                      • API String ID: 2838694760-2769541957
                                                                                                                                                                                                                                                                                                      • Opcode ID: ee75379e8e3e1553e8b5c5f35d9dfa9137cd4888b67628cc0ca4615c8f7ecfbb
                                                                                                                                                                                                                                                                                                      • Instruction ID: f8395364276ae0e4734a90ce34d4f8f0785518859f13826520f2d6a5634cd3a1
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee75379e8e3e1553e8b5c5f35d9dfa9137cd4888b67628cc0ca4615c8f7ecfbb
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B425F31A08AC2A1EA21AB15A4153FAE3A0FF8AB84F844131DF8D17795DFBCF155D760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32 ref: 00007FF7327675C4
                                                                                                                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,-5555555555555536,-5555555555555556,00000000,-555555555555558E,-555555555555558E), ref: 00007FF7327675F1
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,-5555555555555536,-5555555555555556,00000000,-555555555555558E,-555555555555558E), ref: 00007FF7327675FF
                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,-5555555555555536,-5555555555555556,00000000,-555555555555558E,-555555555555558E), ref: 00007FF73276763D
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,-5555555555555536,-5555555555555556,00000000,-555555555555558E,-555555555555558E), ref: 00007FF73276764F
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,-5555555555555536,-5555555555555556,00000000,-555555555555558E,-555555555555558E), ref: 00007FF7327676AA
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateFile
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$DoInitialize
                                                                                                                                                                                                                                                                                                      • API String ID: 1722934493-3575855713
                                                                                                                                                                                                                                                                                                      • Opcode ID: 02d59847b7860f15b5dfdf4759c5e1b67d11e9ce7b9c2a2730c76b3fc32d0160
                                                                                                                                                                                                                                                                                                      • Instruction ID: d94d0637fb8dd52537b18b0361502e0e44d8febd694144c334a37397c2d17868
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02d59847b7860f15b5dfdf4759c5e1b67d11e9ce7b9c2a2730c76b3fc32d0160
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14613432B18A4651F7349B18E816BE9A691FF8A790F805134CF4E06B95DEBDE042D714
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectory$AddressDisableErrorExtensionLastLibraryLoadParametersPointProcProcessShutdown
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\chrome\app\main_dll_loader_win.cc$110.0.5481.97$Cannot find module $ChromeMain$Failed to load NW DLL from $fallback-handler$nw.dll$type
                                                                                                                                                                                                                                                                                                      • API String ID: 1794511419-1008005505
                                                                                                                                                                                                                                                                                                      • Opcode ID: e7942e07e995d2a48fda283df15d7047ff5278ac2775e717a5396b56aebda119
                                                                                                                                                                                                                                                                                                      • Instruction ID: eb203eff0bbe5ffb38b0b8e04ed6fccf221e14a6557145cc87f34a142312fcd6
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7942e07e995d2a48fda283df15d7047ff5278ac2775e717a5396b56aebda119
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAC16221A08A92A1EA24FB15E8513FAE360FF8A784FC04435DB8D07696DFBCF145D760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FreeLibrary$AddressLoadLocalProc
                                                                                                                                                                                                                                                                                                      • String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h$CommandLineToArgvW$QUUUUUUU$__location != nullptr$api-ms-win-downlevel-shell32-l1-1-0.dll$null pointer given to construct_at
                                                                                                                                                                                                                                                                                                      • API String ID: 2211760351-157365408
                                                                                                                                                                                                                                                                                                      • Opcode ID: 772c8aec8c76c74bb04bf6e5d3fcddd323e228f41c4afad3c351213c28f2d770
                                                                                                                                                                                                                                                                                                      • Instruction ID: 5aa164d55e59cdf4fa1d8ff3e1659711e7d946adbae6adedefa741a3d588eec7
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 772c8aec8c76c74bb04bf6e5d3fcddd323e228f41c4afad3c351213c28f2d770
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B51D521E1DA52A1FA55AB19E8407B9E3A0FF8AB80FC45035EB8D02754DFBCF185D720
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF73286A7F8: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF73286A828
                                                                                                                                                                                                                                                                                                      • GetCommandLineW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF732711070), ref: 00007FF732740319
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CommandConcurrency::cancel_current_taskLine
                                                                                                                                                                                                                                                                                                      • String ID: %s:%d: assertion %s failed: %s$..\..\base\strings\string_piece.h$..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h$__location != nullptr$null pointer given to construct_at
                                                                                                                                                                                                                                                                                                      • API String ID: 782954875-3367949744
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7fa22f9f1b4c1984d2427d578673f7bc764281fcda25294b1c55fc5be5944fec
                                                                                                                                                                                                                                                                                                      • Instruction ID: 8dcbc28d2a9ad4afe0def6242da0f5e025223694c539e386f1462559bfa70fc0
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7fa22f9f1b4c1984d2427d578673f7bc764281fcda25294b1c55fc5be5944fec
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4319221A1CB45A2FA50AB14F8503EAB3A0FF95784F810135EB8D06B91DFBCF155D360
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: DetailsInstallPayload
                                                                                                                                                                                                                                                                                                      • String ID: crashpad-handler$fallback-handler$type
                                                                                                                                                                                                                                                                                                      • API String ID: 3030567736-2811626952
                                                                                                                                                                                                                                                                                                      • Opcode ID: f23f89be885fcc6579c23551ef3e25ed2f0cc2c1439d7e45a100ed51e9beaa10
                                                                                                                                                                                                                                                                                                      • Instruction ID: 0d3d8583dc1d3bb76c463aa21a0441cd3afa40507de97dbdb19b3b7667f6d496
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f23f89be885fcc6579c23551ef3e25ed2f0cc2c1439d7e45a100ed51e9beaa10
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19318421A18B82B1EA14BB15A8152FAE3A4BF59784FC04031EF4D17396DF7CF155E760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-5555555555555556,?), ref: 00007FF7327665E0
                                                                                                                                                                                                                                                                                                      • PrefetchVirtualMemory.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,-5555555555555556,?), ref: 00007FF7327665F6
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CurrentMemoryPrefetchProcessVirtual
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3768025762-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 8ad00dbda823a9ac6284aae9afccc106680134036d47ecc5c41d46a51c1a5b40
                                                                                                                                                                                                                                                                                                      • Instruction ID: 3361174761548166b67b0924bfdd4a2b40f156fbea11668ead12a299846877fc
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ad00dbda823a9ac6284aae9afccc106680134036d47ecc5c41d46a51c1a5b40
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C021E231A18A8161FA21AB19B9117F6E3E0BF99784F804030EE8D07B54DE7DE047D710
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                      • String ID: File::Initialize
                                                                                                                                                                                                                                                                                                      • API String ID: 1452528299-1357756759
                                                                                                                                                                                                                                                                                                      • Opcode ID: c962153a914acaf0086aaf278fcbb30b9164fbfc7291deaff8478f04ce7c45de
                                                                                                                                                                                                                                                                                                      • Instruction ID: fca9e15e48f98c758a64212b3672fb28650640572355a587a9afc6ad18562340
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c962153a914acaf0086aaf278fcbb30b9164fbfc7291deaff8478f04ce7c45de
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76118F71A1865260FA60BB11A8522FAA7D1AF8E7D4FC44130EF4E07796DE7CF446D720
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetEnvironmentStringsW.KERNELBASE(?,?,00000000,00007FF732881AA6,?,?,?,00007FF7328819B6,?,?,?,?,00007FF732880C3C,?,?,?), ref: 00007FF73289CE84
                                                                                                                                                                                                                                                                                                      • FreeEnvironmentStringsW.KERNEL32(?,?,00000000,00007FF732881AA6,?,?,?,00007FF7328819B6,?,?,?,?,00007FF732880C3C,?,?,?), ref: 00007FF73289CEEE
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3328510275-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: c7564c72eea70dc63f9ebaa3b31d098a42a43eb7361799d2d9118172797e44e6
                                                                                                                                                                                                                                                                                                      • Instruction ID: 6d3a08d39b3dcdcacf0d1315042cfa2ba2fc5a1ab57fd3a7f936c8a4683e9093
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c7564c72eea70dc63f9ebaa3b31d098a42a43eb7361799d2d9118172797e44e6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1801A911E0475151EA10BF16A8140ADA264AB49BD0BD84634DF6E137D5DE7CF862D324
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentTerminate
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2429186680-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 079216c55fa2423c2c9c28286a41f4844c39b24e8f5c4320af047dea935397f7
                                                                                                                                                                                                                                                                                                      • Instruction ID: 2b63e99c0e062ecf7875b0a86f13c0e39eb227ccc7b078523b39d67b982e2f87
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 079216c55fa2423c2c9c28286a41f4844c39b24e8f5c4320af047dea935397f7
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DC08C38E0051C66E23C67B11C0406A1320DF48B11F004C38C70A0FF20ED7C74629282
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 175d454540ccd770145ddba24568bcf8723e1b010c8f975e5e612b2cd9530f4b
                                                                                                                                                                                                                                                                                                      • Instruction ID: ea12c3cd8baafacfb6520b6029b7741deedca08957c5a9400bfa141f7ee37633
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 175d454540ccd770145ddba24568bcf8723e1b010c8f975e5e612b2cd9530f4b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FF0AD32A2AB4192FB409B15F8607AAB3A4FB98794F805035EF4E43710DF6CE461DB10
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF73289561E,?,?,?,00007FF732880CC1,?,?,?,?,00007FF732883442), ref: 00007FF732894AD5
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 5019647ac6fdb311d45e6f1b8a8c886ba5eabd765d1a0b86621cd430f6f2f91d
                                                                                                                                                                                                                                                                                                      • Instruction ID: 7d70a0d308fe087575db042f91ec8657aa1086ff0fbb6b17a25273e89c119ce9
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5019647ac6fdb311d45e6f1b8a8c886ba5eabd765d1a0b86621cd430f6f2f91d
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 91F04F55B0960360FE5476669D112FA92C46F58780FEC4430C91D863C1ED9CF9B4F234
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      • Associated: 00000018.00000002.2792529065.00007FF73291C000.00000020.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                      • Associated: 00000018.00000002.2792601881.00007FF73291D000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f9378850f27be4db3feefe394f4d6b58df237a44b44917856e2db8ebde7704de
                                                                                                                                                                                                                                                                                                      • Instruction ID: be1721c95cdf33e333cdcb66ff35d650f9be80d22882c61af608297e4f4a9f8d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9378850f27be4db3feefe394f4d6b58df237a44b44917856e2db8ebde7704de
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2F05890F09602A5FA643AAA5C012F492805F587A0FD84630DD2E863C9DEACF4A1E230
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 680105476-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 083666ae410d6772eccb69e2f42bac0ecfb98ea28af6b8a24fbe3a07746e17d0
                                                                                                                                                                                                                                                                                                      • Instruction ID: a3ba204aad4e4e9e3b56d1b50a6ba9745d51e0dcb4d68b836f733ae342fbc5d5
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 083666ae410d6772eccb69e2f42bac0ecfb98ea28af6b8a24fbe3a07746e17d0
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64E0E551F2910BA5F96832761C460F480405F59330ED81B30DB7D046C2BD8CA8B2E6B9
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Info$MemoryPerformanceProcess
                                                                                                                                                                                                                                                                                                      • String ID: ProcessPeakPagefileUsage$ProcessPeakWorkingSetSize$ProcessPrivateUsage$SystemCommitLimit$SystemCommitRemaining$Win64$cana$channel$plat$prod$ptype$ver
                                                                                                                                                                                                                                                                                                      • API String ID: 2600119024-1714930364
                                                                                                                                                                                                                                                                                                      • Opcode ID: 7d95d825abd34d9cedc71cd0ce46b0ece90d243e34d3ed488a59c4d622da0ae1
                                                                                                                                                                                                                                                                                                      • Instruction ID: ad1accf87a7d0b398b0983425b11c5cc7386a267d3273ee3a156f94b74409055
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d95d825abd34d9cedc71cd0ce46b0ece90d243e34d3ed488a59c4d622da0ae1
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 62F1A422A08BC6A1E661EB25E4443F9A3A0FF8A794F844135DF8C03795EFBCE195D750
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFileFilterModuleNameUnhandled
                                                                                                                                                                                                                                                                                                      • String ID: %s:%d: assertion %s failed: %s$--monitor-self$--monitor-self-annotation=%s=%s$--monitor-self-argument=--monitor-self is not supported$--no-identify-client-via-url$--no-periodic-tasks$--no-rate-limit$--no-upload-gzip$..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h$..\..\third_party\crashpad\crashpad\handler\handler_main.cc$__location != nullptr$null pointer given to construct_at
                                                                                                                                                                                                                                                                                                      • API String ID: 3130446091-4103218442
                                                                                                                                                                                                                                                                                                      • Opcode ID: 172e004c2380bcc7674f22c3e26884adf76e8e04b6e6d120731a15726c702007
                                                                                                                                                                                                                                                                                                      • Instruction ID: 3e34eb05fed1de3cd6ef6e2467497db5ccdc3b6bc86843e7719593163aed8e47
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 172e004c2380bcc7674f22c3e26884adf76e8e04b6e6d120731a15726c702007
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3BE14022A0CAC2A1EA71AB14E8413FAE361FB9A744FC44131DB8D07796DFBCE555D710
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Create$Event$ErrorLast$CurrentExceptionFilterProcessThreadUnhandled
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\client\crashpad_client_win.cc$CreateNamedPipe$CreateThread$\\.\pipe\crashpad_%lu_$pipe_instance->is_valid()
                                                                                                                                                                                                                                                                                                      • API String ID: 3751147982-1677688547
                                                                                                                                                                                                                                                                                                      • Opcode ID: 0d33828adb28b98514d0620fa70869805a857001fdbd95690de5617e3252594a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 35ad60cb14b1dd50b7aba2752d7cea216ce0f15b5c41b1b87809f0db6b937324
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d33828adb28b98514d0620fa70869805a857001fdbd95690de5617e3252594a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82D19332A0DB82A1E720EB25E9503EAB360FB89754F804235DBAD03AD5DFBCE155D750
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorExclusiveLastLockOnceValue$AcquireExecuteInitRelease
                                                                                                                                                                                                                                                                                                      • String ID: Genu$OPENSSL_ia32cap$ineI$ntel
                                                                                                                                                                                                                                                                                                      • API String ID: 389898287-3767422159
                                                                                                                                                                                                                                                                                                      • Opcode ID: 98ba19402d929a8a31a33a2bf9a84b6846ef195799bfaefbc71651925455bb3a
                                                                                                                                                                                                                                                                                                      • Instruction ID: 8b41b77f8cc7fed5bd55c354d13cf72a27ef2122e64ca398ceb8bf2288d8afc7
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98ba19402d929a8a31a33a2bf9a84b6846ef195799bfaefbc71651925455bb3a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13712B21F18623A1FF99A731A8107B5A580BF8ABA0FD44135DE4E477E4DEBCB541E320
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1239891234-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: b7bdb6c344d27f364689e27f12e31de2aecf73848b036424e5379e1cf948ace7
                                                                                                                                                                                                                                                                                                      • Instruction ID: e8a718c9da5de22f82b3167152ac0fa27481abc65b548f9256b180446f4c12ed
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b7bdb6c344d27f364689e27f12e31de2aecf73848b036424e5379e1cf948ace7
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14316372618B81A6D760DF25EC402EEB3A4FB88794F900135EA9D43B54DF7CD565C710
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: memcpy_s
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1502251526-3916222277
                                                                                                                                                                                                                                                                                                      • Opcode ID: 1efc405c14b365811427bbc67e47e35358c8ace6737d62e250c189a34d53ca81
                                                                                                                                                                                                                                                                                                      • Instruction ID: a6805438d4a38f422c7dd12f01ba285b200915d47cb73343c1e8654ed529a4bb
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1efc405c14b365811427bbc67e47e35358c8ace6737d62e250c189a34d53ca81
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18C12772B1928697E760EF1DF448AAAF791F784784F848534DB4A43744DB7CE890EB10
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                      • String ID: (0x%lX)$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                                                                                                                                                                                                      • API String ID: 3479602957-3206765257
                                                                                                                                                                                                                                                                                                      • Opcode ID: 797b4d6fce49afca0de3e728d238fd4a4c5aa2df47e8fbedd9525df2fb6b2f4d
                                                                                                                                                                                                                                                                                                      • Instruction ID: 77bd7aaea35a00e11b425c30118e88f17ed4dc58374735766c1a0359118265f3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 797b4d6fce49afca0de3e728d238fd4a4c5aa2df47e8fbedd9525df2fb6b2f4d
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2419131A08AC1A1F6369B18A4027F5E7B0FFD9794F405121EB8803661EFBDE1D2DB90
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                                                      • Opcode ID: 6887e8af897f7bbeacaf88af478ea6cdb98f819787b4ccecaedd22ee3154c3f5
                                                                                                                                                                                                                                                                                                      • Instruction ID: 4b2a568b3850f69e8c486c1e8efb7ab5226f72b473fefe55ab2703043a34a8c8
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6887e8af897f7bbeacaf88af478ea6cdb98f819787b4ccecaedd22ee3154c3f5
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86D0C900F2AB47B6EE187756688123486A07F4EB80FD86434CE0D02390DEADB595F620
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: NamedPipe$ErrorLast$CreateFileHandleStateTransactWait
                                                                                                                                                                                                                                                                                                      • String ID: , observed $..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$CreateFile$SetNamedPipeHandleState$TransactNamedPipe$TransactNamedPipe: expected $WaitNamedPipe
                                                                                                                                                                                                                                                                                                      • API String ID: 3859568879-2365249698
                                                                                                                                                                                                                                                                                                      • Opcode ID: 308320ce954230d66db09abf6048b258b83d5175dd9b3d5d4a2b6fdbaf3ed06f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 278cfdf972fce9bfc419e9009b1cf2faacbdbaf83a79b40d9e45dd8f78fc650f
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 308320ce954230d66db09abf6048b258b83d5175dd9b3d5d4a2b6fdbaf3ed06f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87815F31B08652A1FA20AB15E8127FAA751FB89788F800136EE4D07BC5DFADF516D760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                                                                                                                      • String ID: Check %s failed: %s$LowLevelAlloc arithmetic overflow$VirtualAlloc failed$bad arena pointer in Next()$bad magic number in Next()$i < prev->levels$low_level_alloc.cc$malformed freelist$new_pages != nullptr$next->header.arena == arena$next->header.magic == Magic(kMagicUnallocated, &next->header)$prev < next$reinterpret_cast<char *>(prev) + prev->header.size < reinterpret_cast<char *>(next)$s->header.arena == arena$sum >= a$too few levels in Next()$unordered freelist
                                                                                                                                                                                                                                                                                                      • API String ID: 4275171209-938779485
                                                                                                                                                                                                                                                                                                      • Opcode ID: 735b93553cec7caf2dc9ce9c633d445e7bd06da2081c6ab727d4e95af99dad43
                                                                                                                                                                                                                                                                                                      • Instruction ID: 168dad914483492f9b14b728be773236e9b8f2aaecaa3e5ea26bcf7db698b796
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 735b93553cec7caf2dc9ce9c633d445e7bd06da2081c6ab727d4e95af99dad43
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1FD17F31B09A22A5EA61EF10E8506F9A365FF49794FC44236DA4D06794DFBCF261E320
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CreateThread.KERNEL32 ref: 00007FF7327FA79D
                                                                                                                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32 ref: 00007FF7327FA88C
                                                                                                                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7327FA8B9
                                                                                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7327FA8FC
                                                                                                                                                                                                                                                                                                      • GetQueuedCompletionStatus.KERNEL32 ref: 00007FF7327FA92B
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818F56: VerSetConditionMask.KERNEL32 ref: 00007FF732818FC9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818F56: VerSetConditionMask.KERNEL32 ref: 00007FF732818FD7
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818F56: VerSetConditionMask.KERNEL32 ref: 00007FF732818FE5
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818F56: VerifyVersionInfoW.KERNEL32 ref: 00007FF732819006
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818F56: CreateNamedPipeW.KERNEL32(?,?,?,?,?,?,?,?,00000000,-55555555555554E6,-555555555555552E,00000000,00007FF7327FA730), ref: 00007FF732819083
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF73273F370: GetLastError.KERNEL32 ref: 00007FF73273F388
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF73276BAA0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF732762B15,?,?,?,?,?,?), ref: 00007FF73276BAEE
                                                                                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7327FA94E
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818BCC: CreateFileW.KERNEL32 ref: 00007FF732818C7F
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818BCC: GetLastError.KERNEL32 ref: 00007FF732818CA0
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818BCC: WaitNamedPipeW.KERNEL32 ref: 00007FF732818CBE
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818BCC: SetNamedPipeHandleState.KERNEL32 ref: 00007FF732818CE9
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732818BCC: TransactNamedPipe.KERNEL32 ref: 00007FF732818D30
                                                                                                                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32 ref: 00007FF7327FA9CA
                                                                                                                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF7327FA9DA
                                                                                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF7327FAA46
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$NamedPipe$AcquireConditionCreateMaskRelease$CompletionErrorLastQueuedStatusWait$FileHandleInfoObjectSingleStateThreadTransactVerifyVersion
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$CreateNamedPipe$CreateThread$pipe != INVALID_HANDLE_VALUE$thread_handles[i].is_valid()
                                                                                                                                                                                                                                                                                                      • API String ID: 249284331-541003763
                                                                                                                                                                                                                                                                                                      • Opcode ID: b943cadfce03412d08bd63810af7e1dc24186437de58d10f978e639cd9137c56
                                                                                                                                                                                                                                                                                                      • Instruction ID: 29e6629a4383d3a89d7e0636555fab9e972f6c8303439eba34de634f93614cab
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b943cadfce03412d08bd63810af7e1dc24186437de58d10f978e639cd9137c56
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22B17131A0DB41A1E710AB15E4503AAB7A0FB8ABA4F904235DFAE037E5DFBCE145D710
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CountCurrentLocalThreadTickTime
                                                                                                                                                                                                                                                                                                      • String ID: )] $..\..\base\strings\string_piece.h$..\..\base\threading\thread_local_storage.cc$:$:$UNKNOWN$VERBOSE$n <= size()
                                                                                                                                                                                                                                                                                                      • API String ID: 105047090-1854777792
                                                                                                                                                                                                                                                                                                      • Opcode ID: e803b7a953081d9b4b5282cd184585511b3c8399335a53c3ce803146308eb5b2
                                                                                                                                                                                                                                                                                                      • Instruction ID: 3f91634f36975cdfc74f1b23c4f1dd8c50750cb0de86d4833d1dcd3a1febdff3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e803b7a953081d9b4b5282cd184585511b3c8399335a53c3ce803146308eb5b2
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8EC1C121B1CA92A0EA10FB11E4557B9E790BF8AB80FC05135EE8E07796DEBDF144E750
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$Create$CurrentDirectoryModuleName
                                                                                                                                                                                                                                                                                                      • String ID: !empty()$%s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\string$__s < __min_cap$__s should never be greater than or equal to the short string capacity$debug.log$string::back(): string is empty
                                                                                                                                                                                                                                                                                                      • API String ID: 4120427848-116757326
                                                                                                                                                                                                                                                                                                      • Opcode ID: 830981d7398e92840ade6d34a73ad7a15d1e05769f71ba0edeee1f4f380da5ec
                                                                                                                                                                                                                                                                                                      • Instruction ID: 2e21800fe7d31d9ed8f9afac330c9ab9bccfea32611cbe71ed0502b2575ed539
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 830981d7398e92840ade6d34a73ad7a15d1e05769f71ba0edeee1f4f380da5ec
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1481E261E08656A1FA50AB15E9483B9A7A0FF5AB84FC05035CA4D077E0DFFDF865E320
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ConditionMask$CriticalErrorInfoInit_thread_headerInitializeLastSectionVerifyVersion
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc$::InitializeCriticalSectionEx$InitializeCriticalSectionEx$kernel32.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 3088209894-2244720229
                                                                                                                                                                                                                                                                                                      • Opcode ID: b4582bbe60395fc18c5a3724d36b19ac76d4b944a7555f894478de1aeef656a8
                                                                                                                                                                                                                                                                                                      • Instruction ID: f154da1bb4d99723103590556b2489f1af38ea22682c8cdef8ec4d3b7a097cfd
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4582bbe60395fc18c5a3724d36b19ac76d4b944a7555f894478de1aeef656a8
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 49417C30F0861661FA14BB26EC513FAA361AF88784FD04135DA0E4B7A5DEACF456E720
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                                      • String ID: %s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\__string\char_traits.h$__s2 < __s1 || __s2 >= __s1+__n$char_traits::copy overlapped range$process-$process-phase$ss-phase
                                                                                                                                                                                                                                                                                                      • API String ID: 17069307-3850416509
                                                                                                                                                                                                                                                                                                      • Opcode ID: ebea1e10df2af6f4541a63e985f946e346c0c54e0e338041cbf0ae987c95dfb9
                                                                                                                                                                                                                                                                                                      • Instruction ID: 7d050a29e8f4a154c248fdf558cb959f2ea5f631a30c0a2c093d4d8a0769c5d2
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ebea1e10df2af6f4541a63e985f946e346c0c54e0e338041cbf0ae987c95dfb9
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A3C19421B08692A1EA60AB15E4407BAF7A0FF9ABC4FC44031DB8D13B59DFBCE545D710
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Value$ExclusiveLockRelease
                                                                                                                                                                                                                                                                                                      • String ID: (%.3f ms)$%s:%d: assertion %s failed: %s$..\..\base\trace_event\trace_log.cc$..\..\buildtools\third_party\libc++\trunk\include\__string\char_traits.h$33333333$UUUUUUUU$__s2 < __s1 || __s2 >= __s1+__n$char_traits::copy overlapped range
                                                                                                                                                                                                                                                                                                      • API String ID: 1152893786-4226856030
                                                                                                                                                                                                                                                                                                      • Opcode ID: 836fb9457c21e4a13dfcdadeed0ea98996b5515cc3138e6b38d74171125fa45b
                                                                                                                                                                                                                                                                                                      • Instruction ID: 9dea24adfd4428ccaf816ad3b780c2c6e8731f4a272e432e4f325e70d962aa53
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 836fb9457c21e4a13dfcdadeed0ea98996b5515cc3138e6b38d74171125fa45b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6151A131A0D6C160FA76AB26A4553FAE7A0BF8E780F844035DF9D07B95DE6CE141E720
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000010,00007FF7327E35CB), ref: 00007FF7327E370B
                                                                                                                                                                                                                                                                                                      • GetModuleHandleExW.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000010,00007FF7327E35CB), ref: 00007FF7327E3725
                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000010,00007FF7327E35CB), ref: 00007FF7327E373B
                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000010,00007FF7327E35CB), ref: 00007FF7327E3765
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\trace_event\trace_logging_minimal_win.cc$EventSetInformation$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll$reg_handle_ == 0ULL
                                                                                                                                                                                                                                                                                                      • API String ID: 3947729631-1000175972
                                                                                                                                                                                                                                                                                                      • Opcode ID: b028931263cdf5e61138fcad43976b0585b2022f96a1c77a2845943468a98564
                                                                                                                                                                                                                                                                                                      • Instruction ID: fe98ddd84c6293d74e1d7b1fa9254c8a3287c9da4838d9f170b851e918406551
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b028931263cdf5e61138fcad43976b0585b2022f96a1c77a2845943468a98564
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BA416361A18642B2EB14AB15A8411BAB3E0FF49B90FC05036DF4E47765DE7CE415E360
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Value$Free$Alloc
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\threading\thread_local_storage.cc$GetTlsVectorStateAndValue(key) == TlsVectorState::kUninitialized$PlatformThreadLocalStorage::AllocTLS(&key)$PlatformThreadLocalStorage::AllocTLS(&key) && key != PlatformThreadLocalStorage::TLS_KEY_OUT_OF_INDEXES
                                                                                                                                                                                                                                                                                                      • API String ID: 4173863045-4231282986
                                                                                                                                                                                                                                                                                                      • Opcode ID: 30092b18963bf3dcf6c7fec2ade69e4015eb54d5cefc1b4d14f853c9bc13a678
                                                                                                                                                                                                                                                                                                      • Instruction ID: a43c17d7eb0b2904c05736d04d891f027c9c225551af7813d2d5b733226d7ba5
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30092b18963bf3dcf6c7fec2ade69e4015eb54d5cefc1b4d14f853c9bc13a678
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E441F331A0C50265EA54BB25A8102FAE352BF8A7E0FD00135EB5D07BD5CEBCF412EB61
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$AttributesErrorLast$Delete
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\files\file_util_win.cc$DoDeleteFile
                                                                                                                                                                                                                                                                                                      • API String ID: 1157692262-486883514
                                                                                                                                                                                                                                                                                                      • Opcode ID: a17db1768b123b80d993a53223e544be20f8eeb4cf2851ad6195714c02d3f558
                                                                                                                                                                                                                                                                                                      • Instruction ID: aece508fa39b430492e6d9ea93a399ed0fd6a5b45215e63335b3142873c10ddd
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a17db1768b123b80d993a53223e544be20f8eeb4cf2851ad6195714c02d3f558
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF71AE21A0C68361FA60BB15A5513BAE391BF8A7D0FC40131DB9D066D5EEEDF446F324
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF732896350,?,?,00000000,00007FF732898E90,?,?,00000003,00007FF73287DF89), ref: 00007FF73289668B
                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF732896350,?,?,00000000,00007FF732898E90,?,?,00000003,00007FF73287DF89), ref: 00007FF732896697
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                      • String ID: MZx$api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                                      • API String ID: 3013587201-2431898299
                                                                                                                                                                                                                                                                                                      • Opcode ID: 96c09fc4c82af67d25277db2d457c07fd0b4d20f07f853b9cae73982f164ca91
                                                                                                                                                                                                                                                                                                      • Instruction ID: 783fbe44ba0d9cead9b45a5a3579c4db12795352c4234ef2ff2bbe9ab9527168
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96c09fc4c82af67d25277db2d457c07fd0b4d20f07f853b9cae73982f164ca91
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3241F261B1A612A1FA12EF16AC041B5A391BF49BE0F988135DD1D47785EEBCF065E320
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CurrentProcess$FileModuleName
                                                                                                                                                                                                                                                                                                      • String ID: %ls;%ls
                                                                                                                                                                                                                                                                                                      • API String ID: 3417093632-3628426237
                                                                                                                                                                                                                                                                                                      • Opcode ID: abd195254edcfbe8bbef08e19567e15750f1a37896acf1f67a2fce08c1937464
                                                                                                                                                                                                                                                                                                      • Instruction ID: 83143ee83a6629ca6104150811670ffa8c13148e1bbc2de7b6132f5beb88ed48
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: abd195254edcfbe8bbef08e19567e15750f1a37896acf1f67a2fce08c1937464
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C518331E1C642A2FA64B725A8153F9E391BF9AB84FC04035DA4D03799DFACF045E761
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7328A2757,?,?,?,00007FF732891776,?,?,..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h,00007FF732891731), ref: 00007FF7328A28B5
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,00000000,00007FF7328A2757,?,?,?,00007FF732891776,?,?,..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h,00007FF732891731), ref: 00007FF7328A28C3
                                                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7328A2757,?,?,?,00007FF732891776,?,?,..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h,00007FF732891731), ref: 00007FF7328A28ED
                                                                                                                                                                                                                                                                                                      • FreeLibrary.KERNEL32(?,?,00000000,00007FF7328A2757,?,?,?,00007FF732891776,?,?,..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h,00007FF732891731), ref: 00007FF7328A2933
                                                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(?,?,00000000,00007FF7328A2757,?,?,?,00007FF732891776,?,?,..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h,00007FF732891731), ref: 00007FF7328A293F
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                                                                      • String ID: %s:%d: assertion %s failed: %s$MZx$api-ms-
                                                                                                                                                                                                                                                                                                      • API String ID: 2559590344-2489781777
                                                                                                                                                                                                                                                                                                      • Opcode ID: 96307ef0a9fd4d21828c6c3d20832e7a7f2d4784512a9421da9dec6713345476
                                                                                                                                                                                                                                                                                                      • Instruction ID: 99e4047132266eb59a2396860664b12e646b7c64dd307a6706a0ef8e574b04f4
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96307ef0a9fd4d21828c6c3d20832e7a7f2d4784512a9421da9dec6713345476
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B31D421B0A742B1EE61BB06AC005B5A394FF08BA1F894535DD2D16388DFBCE561E320
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ObjectRegisterSingleWait
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$RegisterWaitForSingleObject crash dump requested$RegisterWaitForSingleObject non-crash dump requested$RegisterWaitForSingleObject process end
                                                                                                                                                                                                                                                                                                      • API String ID: 1092942010-2013388152
                                                                                                                                                                                                                                                                                                      • Opcode ID: 06a1e5f64072f4bdcb285b78f6162618769e09ff3ec860813d68bf5f96dde617
                                                                                                                                                                                                                                                                                                      • Instruction ID: 2fca3387134bda4d19cbd79dd746724bded1edfaba73672de82239831a9553b1
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 06a1e5f64072f4bdcb285b78f6162618769e09ff3ec860813d68bf5f96dde617
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46419F20B0865260EA20BB65E8497F9A710BF5ABD4FC01139DF4D07AD6DFACE206D720
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireReleaseValue
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\time\time.h$..\..\base\trace_event\trace_log.cc$SequenceManager$int64_t{delta_} != int64_t{other.delta_}
                                                                                                                                                                                                                                                                                                      • API String ID: 421378090-1082962478
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2f732a2ed412b4523f0b75d74fcd3632da34acb2098260d3a874a7fe2c2e01b5
                                                                                                                                                                                                                                                                                                      • Instruction ID: 69109f9e01169cb1e01adf4f6706bc93a020542cd2989d9a7b92e4bde8ebc77d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2f732a2ed412b4523f0b75d74fcd3632da34acb2098260d3a874a7fe2c2e01b5
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DAC1913260DAC595E670AB15A4453FAA3A4FF8AB90F840135EF8D43B55EFBCE041DB10
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_header
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\run_loop.cc$Run$RunLoop::Run$location$test
                                                                                                                                                                                                                                                                                                      • API String ID: 3738618077-290226274
                                                                                                                                                                                                                                                                                                      • Opcode ID: daed06267df5dde5b66b2450260a9aef7a91c595feb174a61c8e71e7459d1837
                                                                                                                                                                                                                                                                                                      • Instruction ID: e5a7e405a2d425ae3a5c471e5c568f4ac31b00a19170d556122ed265f244400d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: daed06267df5dde5b66b2450260a9aef7a91c595feb174a61c8e71e7459d1837
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1A17C21A1CA82A1EA50EB15E8513F9E360FF9A790FD44131EA8D037A5DFBCF145E760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                      • String ID: MZx
                                                                                                                                                                                                                                                                                                      • API String ID: 3215553584-2575928145
                                                                                                                                                                                                                                                                                                      • Opcode ID: 03d6bc9af7edd53204f98ea2a2fefea5bf0bbb1e7e1bd1878e48ad803a5abcf3
                                                                                                                                                                                                                                                                                                      • Instruction ID: 67192548bd74d77e22a413e7d11ed0afe0f8720806b2bf6fa0f939335fe454df
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03d6bc9af7edd53204f98ea2a2fefea5bf0bbb1e7e1bd1878e48ad803a5abcf3
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7C51952390D786A6E752AF21A8506FDBBA4AF06B44FDD8031C78C47346CE7DA465D322
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\debug\activity_tracker.cc$..\..\base\memory\ref_counted.h$RecordProcessExit$ref_count_.Increment() != std::numeric_limits<int>::max()
                                                                                                                                                                                                                                                                                                      • API String ID: 17069307-1093241864
                                                                                                                                                                                                                                                                                                      • Opcode ID: a83a2785ddec28cb9172db1dbe430d80d3de3f216909b7a1826760e89c77c21b
                                                                                                                                                                                                                                                                                                      • Instruction ID: 8735d86aac3113b7d7f52db58b92e5519c60adb3a44e9412fbc94a842c008a7f
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a83a2785ddec28cb9172db1dbe430d80d3de3f216909b7a1826760e89c77c21b
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1610632A0D792A2E661AB15E4407E9A790FF99BD4F804136DB8D037A1DFBCF046D310
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 00007FF73276F8E7
                                                                                                                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,?,00007FF732770674), ref: 00007FF73276F8F7
                                                                                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32(?,?,00000000,?,?,?,?,?,00007FF732770674), ref: 00007FF73276F981
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireCurrentReleaseThread
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\memory\ref_counted.h$ThreadLocalEventBuffer$ref_count_.Increment() != std::numeric_limits<int>::max()
                                                                                                                                                                                                                                                                                                      • API String ID: 135963836-1427645625
                                                                                                                                                                                                                                                                                                      • Opcode ID: 30d24c558b9d876fabf3309b32fd750fd11803ec3e04c8f975893cdc63d87e1f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 19d9d17e1a36e6d96a001f3bbb2a084d0aa65c41201f8c8b8f240046531423ec
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 30d24c558b9d876fabf3309b32fd750fd11803ec3e04c8f975893cdc63d87e1f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8E51C421A0D742B1E604BB15E8411BAB390BF4A7A0FD40632EB5E437A5DEBCF052E365
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00007FF732763234), ref: 00007FF73276D7FD
                                                                                                                                                                                                                                                                                                      • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00007FF732763234), ref: 00007FF73276D8B4
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Time$FileSystem
                                                                                                                                                                                                                                                                                                      • String ID: !is_inf() || (delta_ == other.delta_)$..\..\base\time\time.h$gfffffff$gfffffff
                                                                                                                                                                                                                                                                                                      • API String ID: 2086374402-1785211625
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2c8b5378c60ee5173c50bd57f1fd12db2d704f5c78d9fdc05bf95c3a44309909
                                                                                                                                                                                                                                                                                                      • Instruction ID: 5c7cd79eb2fbc774c0c56f6699e3fe6cbb6a27c3cc0578dd59844929cd6e34b0
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c8b5378c60ee5173c50bd57f1fd12db2d704f5c78d9fdc05bf95c3a44309909
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 78419472B28B0A61EA40EB06FD41665A3A1FB4CBE0F805131DD4E877A8DE7CF145E311
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$ErrorLastMoveReplace
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\files\file_util_win.cc$.pma$ReplaceFileW
                                                                                                                                                                                                                                                                                                      • API String ID: 3435996589-379499873
                                                                                                                                                                                                                                                                                                      • Opcode ID: 1929d32405d7787bdb03133d51091c445010a342db9d44a252cfea185544697e
                                                                                                                                                                                                                                                                                                      • Instruction ID: 7f4b80950e2357baeb9eec04da8266ab8c583f7f83a2dec335a4e505bfc9b923
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1929d32405d7787bdb03133d51091c445010a342db9d44a252cfea185544697e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1941C661B1868261F725BB2698557F9A790BF8ABC8F804030DF4C07785DFBDE192E724
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$BuildSecurityDescriptor$ConvertStringSecurityDescriptorToSecurityDescriptor$D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0)
                                                                                                                                                                                                                                                                                                      • API String ID: 1452528299-2843865158
                                                                                                                                                                                                                                                                                                      • Opcode ID: 5fa81df177926d0cf26a5ef9681e3ff179fdbe07aa6584c7b8d088b11517c7b0
                                                                                                                                                                                                                                                                                                      • Instruction ID: aea2f3a349986d0f194da6cc98587c1992b272c19313625aeb7379134eadddbd
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5fa81df177926d0cf26a5ef9681e3ff179fdbe07aa6584c7b8d088b11517c7b0
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35518131A08692A1F720AB14F8017E9F3A4FF99744F805136DA8D07B95EFBCE156D760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • _Init_thread_header.LIBCMT ref: 00007FF73275B8C4
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732883384: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF73286FB16,?,?,?,00007FF732897AE2), ref: 00007FF7328833AA
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FeatureInit_thread_headerPresentProcessor
                                                                                                                                                                                                                                                                                                      • String ID: $%s:%d: assertion %s failed: %s$..\..\buildtools\third_party\libc++\trunk\include\__string\char_traits.h$__s2 < __s1 || __s2 >= __s1+__n$char_traits::copy overlapped range
                                                                                                                                                                                                                                                                                                      • API String ID: 3909347999-2750514336
                                                                                                                                                                                                                                                                                                      • Opcode ID: 89536d0557b1a54d5fbbee5f78533847a513ef11e32a2cef3d1cacd4d26fd300
                                                                                                                                                                                                                                                                                                      • Instruction ID: cb4d9489fb2f88b4aae3b7e4dc5c1c0925f71081e761c9e5360f51b371978ce4
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 89536d0557b1a54d5fbbee5f78533847a513ef11e32a2cef3d1cacd4d26fd300
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8251B421908A82B1F610AF14EC413F9E7A0FFA9794F945231DA9D023A5DFBCF195D760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CreateErrorEventLast
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\win\session_end_watcher.cc$CreateEvent
                                                                                                                                                                                                                                                                                                      • API String ID: 545576003-2209791154
                                                                                                                                                                                                                                                                                                      • Opcode ID: 561804602950687a3e5b013e56d462e3e7166540cbf174746a9637b5a41b05c9
                                                                                                                                                                                                                                                                                                      • Instruction ID: 820c65bc0c0d479c33a6057f28a6dc0f4617ffb0c7216c8aa96aa59cc3f85743
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 561804602950687a3e5b013e56d462e3e7166540cbf174746a9637b5a41b05c9
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87419231A18612A1EB20BB24F8517FAB750FB4A784F801136DB8E47B96DFACF145D720
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleInit_thread_headerModuleProcProcessWow64
                                                                                                                                                                                                                                                                                                      • String ID: IsWow64Process2$kernel32.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 3408976151-2577318745
                                                                                                                                                                                                                                                                                                      • Opcode ID: 74294d46b4b5ee6f4fc9279f168db33f7b1cbe321cf264e1327a463df81875a6
                                                                                                                                                                                                                                                                                                      • Instruction ID: d3921a745000db86f088bcb3476bac4630c23ab11406da047a45ea265daec309
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74294d46b4b5ee6f4fc9279f168db33f7b1cbe321cf264e1327a463df81875a6
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7841E631E1C602A2FB64AB15E8503B9A3A0FF49748F804135D64D97AA4DFBCF540EB24
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: cc9cc1ac9365a467b89952cb8895ae1399ff87e343d4c54b945bd474e25cce0e
                                                                                                                                                                                                                                                                                                      • Instruction ID: dafe1826d6ae26491566be6749dc0a7cf342f808d5f3f4ccb3ec0ebef1d0b848
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc9cc1ac9365a467b89952cb8895ae1399ff87e343d4c54b945bd474e25cce0e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63218024A0E24272F694B335AD551FDD2815F45BB0FA44734D93E16AC6DEACB430F320
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                                                                      • String ID: CONOUT$
                                                                                                                                                                                                                                                                                                      • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                                                                      • Opcode ID: 58513cf6ef3ebe305c9168d25a8946a20b0dace7cebee71322028c7959d8ad22
                                                                                                                                                                                                                                                                                                      • Instruction ID: 96ac1e8064de5bc4fd9f1171c0a40eab047a985d5cddf5dc7e2bab166b2a9b45
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58513cf6ef3ebe305c9168d25a8946a20b0dace7cebee71322028c7959d8ad22
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8311D321B18B41A2E790AB52FC44369A7A0FB88BE4F904234EA6D83790CFBCD420D750
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Value$ExclusiveLock$AcquireInit_thread_headerRelease
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2563465751-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 64333def4c2528c9f687a049f77b0ca65f358d72423438cdc26c357f3772ba92
                                                                                                                                                                                                                                                                                                      • Instruction ID: 719c65369517257b12faa2d95bb71be8b8ea658d7af767ffd4b853fff54505dd
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64333def4c2528c9f687a049f77b0ca65f358d72423438cdc26c357f3772ba92
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AD41AC21A09207B1FA90FB15AC513F9A391BF897A0FC44134DA5D162D1DEBCF445E724
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00007FF732880CC1,?,?,?,?,00007FF732883442), ref: 00007FF7328955CB
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF732880CC1,?,?,?,?,00007FF732883442), ref: 00007FF732895601
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF732880CC1,?,?,?,?,00007FF732883442), ref: 00007FF73289562E
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF732880CC1,?,?,?,?,00007FF732883442), ref: 00007FF73289563F
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF732880CC1,?,?,?,?,00007FF732883442), ref: 00007FF732895650
                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00007FF732880CC1,?,?,?,?,00007FF732883442), ref: 00007FF73289566B
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 2506987500-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 839cd4a6fea38d7601c5cbb0f205d2a1add0037b3796a8ccf557915e034bfaea
                                                                                                                                                                                                                                                                                                      • Instruction ID: 3af2b3de4d0724b6935aed376b8e0fb593ac4ba1d1cea0a5913514078f651e04
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 839cd4a6fea38d7601c5cbb0f205d2a1add0037b3796a8ccf557915e034bfaea
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC114224B0E24262F655B331AD551BDE3565F447B0FE44334D83E06AD6DEACB461F324
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLastNameTranslate$CodePageValidValue
                                                                                                                                                                                                                                                                                                      • String ID: utf8
                                                                                                                                                                                                                                                                                                      • API String ID: 1791977518-905460609
                                                                                                                                                                                                                                                                                                      • Opcode ID: 67fed1c9758ea6c7fe35905b477efd7ac77c838a280228043001a97bbdeda1d8
                                                                                                                                                                                                                                                                                                      • Instruction ID: 21ddccd8854cd3975575197bfd43c9dce763d76f139e6cef8b6c67ded5d848c2
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67fed1c9758ea6c7fe35905b477efd7ac77c838a280228043001a97bbdeda1d8
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E518021B08742A1EA65BF52DC106F9A2A4AF44B80FE44131DE5D477C6DFBDF961E320
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732783040: FindNextFileW.KERNEL32(-55555555555555D6,00000000,-5555555555555514,-5555555555555516,00000000,-55555555555554D6,00000001,.pma,00007FF732765AF3), ref: 00007FF732783148
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732783040: FindClose.KERNEL32 ref: 00007FF73278315D
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732783040: GetLastError.KERNEL32 ref: 00007FF732783280
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732783040: GetFileAttributesW.KERNEL32 ref: 00007FF732783370
                                                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32 ref: 00007FF73276678D
                                                                                                                                                                                                                                                                                                      • RemoveDirectoryW.KERNEL32 ref: 00007FF7327667CA
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00007FF7327667F8
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$AttributesErrorFindLast$CloseDirectoryNextRemove
                                                                                                                                                                                                                                                                                                      • String ID: .pma
                                                                                                                                                                                                                                                                                                      • API String ID: 3974083381-3753782117
                                                                                                                                                                                                                                                                                                      • Opcode ID: 1056ad08a65292db118d761155bbd2d7fedd04cb3efa00dbd56ddc689f120a37
                                                                                                                                                                                                                                                                                                      • Instruction ID: 4e6985a4094217764feb4fff4493c7cb5afa1da21c86c34b792bf2cc831326b5
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1056ad08a65292db118d761155bbd2d7fedd04cb3efa00dbd56ddc689f120a37
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D51D821A1C64361EA70BB21A9553BAE791BF8ABC4FC40030EF4D07795DEADF405E764
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\containers\vector_buffer.h$i <= capacity_$ppapi
                                                                                                                                                                                                                                                                                                      • API String ID: 17069307-1405488379
                                                                                                                                                                                                                                                                                                      • Opcode ID: ca4f57336e16ee122d8c8dc8af8b2049739b86e88ab3e12d973d84ab3efdcf29
                                                                                                                                                                                                                                                                                                      • Instruction ID: db4a9bdc0492707ff6febd9c3df391339064fe3cad7daecf920d2052d34dbbb7
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca4f57336e16ee122d8c8dc8af8b2049739b86e88ab3e12d973d84ab3efdcf29
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3A515F32A1CB85A2EA10AB15E8013AAE360FB89794F904135EF8D03B65DF7DF096D750
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Process$CurrentErrorLastTimes
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\components\browser_watcher\exit_code_watcher_win.cc$Invalid parent handle, can't get parent process ID.$Invalid parent handle, can't get parent process times.
                                                                                                                                                                                                                                                                                                      • API String ID: 758800590-901761255
                                                                                                                                                                                                                                                                                                      • Opcode ID: e7956bba2a4d7c498d46efa3f85238b5f04ecdeb0e63ad317bfa227acba70300
                                                                                                                                                                                                                                                                                                      • Instruction ID: 11ac6b23350558cf64010ed5079362c88e6f3e8d95b7eb8ecb599564e44694c7
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7956bba2a4d7c498d46efa3f85238b5f04ecdeb0e63ad317bfa227acba70300
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9E318021B1C653A1FA60B76599123F9D215BF8ABC4FC00035DE4D07B86DEACF606E760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorFileLastRead
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\files\file_win.cc$File::Read$Read
                                                                                                                                                                                                                                                                                                      • API String ID: 1948546556-3098515479
                                                                                                                                                                                                                                                                                                      • Opcode ID: 90db23c5d93dcd0a02eecee692d6b4731b948562868c3a408de7b734a2a60a0f
                                                                                                                                                                                                                                                                                                      • Instruction ID: 05f34c74d5eaf7e2f19c0c308b1f6181fdbf0f146deea1a21df789fc8c442e25
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90db23c5d93dcd0a02eecee692d6b4731b948562868c3a408de7b734a2a60a0f
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9931E231A18AC5A1F671AB15A802BE6F3A0FF89750F800131EF4D03654EFBDE166D750
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CurrentProcess
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\process\process_win.cc$handle != ::GetCurrentProcess()
                                                                                                                                                                                                                                                                                                      • API String ID: 1504632068-61932956
                                                                                                                                                                                                                                                                                                      • Opcode ID: 1d14cb0ba8103f38e34f5ff65420ac9fdda1b490b0c218fed07fc0f303bb628c
                                                                                                                                                                                                                                                                                                      • Instruction ID: 8e3c021c17353dae47aafa33782d3474a2b5c31940df63bf67a2a2d419b9deba
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d14cb0ba8103f38e34f5ff65420ac9fdda1b490b0c218fed07fc0f303bb628c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17217131A0DB42A0EA50BB15E9452AAF2A1BF4E790F804035EB8E46765EEBDF051D364
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • CreateEventW.KERNEL32(?,?,?,00000010,00000010,00007FF73279F1EC,?,00000010,00000000,?,00007FF732775633), ref: 00007FF7327C71D5
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,?,00000010,00000010,00007FF73279F1EC,?,00000010,00000000,?,00007FF732775633), ref: 00007FF7327C71EA
                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,?,00000010,00000010,00007FF73279F1EC,?,00000010,00000000,?,00007FF732775633), ref: 00007FF7327C7226
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateEvent
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\synchronization\waitable_event_win.cc$handle_.is_valid()
                                                                                                                                                                                                                                                                                                      • API String ID: 3734084216-2295572629
                                                                                                                                                                                                                                                                                                      • Opcode ID: d08b8bb177716ffe4152d00d5f6b6df5bd8348704fff7f937a33fda5e592d841
                                                                                                                                                                                                                                                                                                      • Instruction ID: 59db58ade652ae70b02a5579ff7dfdcde8a95426c1c1ab14ae3e8f8163f25289
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d08b8bb177716ffe4152d00d5f6b6df5bd8348704fff7f937a33fda5e592d841
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6421BE31B2872661FB24BB25F9457AAA361BF4A790F805035DB8D03769DEBDF041D350
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$FileLock
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$LockFileEx
                                                                                                                                                                                                                                                                                                      • API String ID: 3337302902-445818742
                                                                                                                                                                                                                                                                                                      • Opcode ID: 19fdf8eb588dbf46101601d6000c7b2eac4f4cd490e382bf3b02fe2b991a0acc
                                                                                                                                                                                                                                                                                                      • Instruction ID: 4d5d2a498c384888edc7053f73ec9d9b321c34443e68b54fc57ed27d18ebe452
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 19fdf8eb588dbf46101601d6000c7b2eac4f4cd490e382bf3b02fe2b991a0acc
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1611D231E1C661A1F620BB28E8127F9E360FF8A794F800235DA4C077D1EEACE551D760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: _set_statfp
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1156100317-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: f03ba2b7aabe9de697ad436691dc7d622eabf0600604ec479451acc844dd95c1
                                                                                                                                                                                                                                                                                                      • Instruction ID: e69e9a595da563dc39e75ae7579d14c2983b7970721848f1590bd68527189eda
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f03ba2b7aabe9de697ad436691dc7d622eabf0600604ec479451acc844dd95c1
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17811D12D0CA46A5F3B2AF34AD403FAE250FF49358F844235EA5E26590DFBCB4A1E610
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • FlsGetValue.KERNEL32(?,?,?,00007FF7328979E7,?,?,00000000,00007FF7328978FA,?,?,?,?,?,00007FF732897AAA), ref: 00007FF7328956A3
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7328979E7,?,?,00000000,00007FF7328978FA,?,?,?,?,?,00007FF732897AAA), ref: 00007FF7328956C2
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7328979E7,?,?,00000000,00007FF7328978FA,?,?,?,?,?,00007FF732897AAA), ref: 00007FF7328956EA
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7328979E7,?,?,00000000,00007FF7328978FA,?,?,?,?,?,00007FF732897AAA), ref: 00007FF7328956FB
                                                                                                                                                                                                                                                                                                      • FlsSetValue.KERNEL32(?,?,?,00007FF7328979E7,?,?,00000000,00007FF7328978FA,?,?,?,?,?,00007FF732897AAA), ref: 00007FF73289570C
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: bdc160d7048e8434d61487e83fc19f96ad799ab73a00de963991c4f532122859
                                                                                                                                                                                                                                                                                                      • Instruction ID: d932f9b283061db11755667d460e2de41521762c31b1d1927cc8f7705c50518d
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bdc160d7048e8434d61487e83fc19f96ad799ab73a00de963991c4f532122859
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2113024E0E24271F954B335AD511F9E2855F447B0FE44734E83E06AD6DEADB521E224
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Value
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 17d422039969e531320149a7665bef27c789a055bfe689e7fa89fb702c0b3526
                                                                                                                                                                                                                                                                                                      • Instruction ID: 6f58529b6f4f30c3067d496da06f8e081b19571f9411c769efee05ee0dd77733
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17d422039969e531320149a7665bef27c789a055bfe689e7fa89fb702c0b3526
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28110624A0F20762F968B6316C651F9D2824F84770EE80734D83E0A6D3EDADB821F664
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: InformationLogicalProcessor$ErrorLast
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1407825900-3916222277
                                                                                                                                                                                                                                                                                                      • Opcode ID: 812e7dfca67291a8629eeca55bf84e08eff6129bf5cc1ad58d0225b583dd0d6c
                                                                                                                                                                                                                                                                                                      • Instruction ID: d9f8b047de7f3e625ecd6649cca9e7341d23a89402a40dab30feb27ae35b7ec3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 812e7dfca67291a8629eeca55bf84e08eff6129bf5cc1ad58d0225b583dd0d6c
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A931A421F0C20261FE64BB15E9957BAE2D1AF8D794FC00434DA0E47781EEACF852E764
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\misc\paths_win.cc$GetModuleFileName
                                                                                                                                                                                                                                                                                                      • API String ID: 2776309574-708485756
                                                                                                                                                                                                                                                                                                      • Opcode ID: 137fe029a308b05eb1e874f056fc3f4fcdd0fb99361c67149254ec28563eca3d
                                                                                                                                                                                                                                                                                                      • Instruction ID: c1aee326aaea038020aac7ea216db54b6a6ba488401a87f4b15ef89dd5e0b615
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 137fe029a308b05eb1e874f056fc3f4fcdd0fb99361c67149254ec28563eca3d
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98317061B1C66261FA10B721A9123F9D315AF4ABC4FC0103ADA4D07BC6DE9CF505E761
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,?,..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h,00007FF732891731,?,?,?,?,00007FF73286C48A), ref: 00007FF732891763
                                                                                                                                                                                                                                                                                                      • __vcrt_FlsGetValue.LIBVCRUNTIME ref: 00007FF732891771
                                                                                                                                                                                                                                                                                                      • SetLastError.KERNEL32(?,?,..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h,00007FF732891731,?,?,?,?,00007FF73286C48A), ref: 00007FF7328917EA
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      • ..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h, xrefs: 00007FF73289174E
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorLast$Value__vcrt_
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\buildtools\third_party\libc++\trunk\include\__memory\construct_at.h
                                                                                                                                                                                                                                                                                                      • API String ID: 4149748849-1761846391
                                                                                                                                                                                                                                                                                                      • Opcode ID: 2a29c0e59f4801678ca501540980a81fa4be176c93d9df65f15f3f11e51014b3
                                                                                                                                                                                                                                                                                                      • Instruction ID: a5aff636ef5b5351dc9f455248179322e02692acc886f475a6dbc2de8f16832c
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2a29c0e59f4801678ca501540980a81fa4be176c93d9df65f15f3f11e51014b3
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1116028F0D20771FA60B721BC400B9A2916F44BE0F944A34D92E077D9DEACB571E770
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorFileLastUnlock
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$UnlockFileEx
                                                                                                                                                                                                                                                                                                      • API String ID: 3655728120-3540829929
                                                                                                                                                                                                                                                                                                      • Opcode ID: 0a91c6cd17ea1fc1f499c403f715b18cf620ac35acfc916a5c942d283cfcc1da
                                                                                                                                                                                                                                                                                                      • Instruction ID: 86ab08d7924fb5eb5983f546d204bc86864cb27dbdd39ef7b05f1e2251a2a502
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a91c6cd17ea1fc1f499c403f715b18cf620ac35acfc916a5c942d283cfcc1da
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9110432F18A52A1FA20BB29A8017F6A361AF89394FC04235DE5C077C5EE6CE046D720
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$SetFilePointerEx
                                                                                                                                                                                                                                                                                                      • API String ID: 2976181284-3423003897
                                                                                                                                                                                                                                                                                                      • Opcode ID: c17c97cb69ebb07859aa16667e59d1e5dc82da3b22f3de0db91d2dde39b6af34
                                                                                                                                                                                                                                                                                                      • Instruction ID: fa69cb831e165dbaf34b367c371bde57950d02a00c56d1802783cc10ba4365e3
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c17c97cb69ebb07859aa16667e59d1e5dc82da3b22f3de0db91d2dde39b6af34
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A811E731B0C65260FA70B725B9117FAA390AF49794FC01235D95D07BD5DEACE146DB20
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: File$ErrorLastPointer
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$SetEndOfFile
                                                                                                                                                                                                                                                                                                      • API String ID: 841452515-359779137
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                      • String ID: RtlCaptureStackBackTrace$ntdll.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-693287458
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CreateThread
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\thread\thread_win.cc$CreateThread$platform_thread_
                                                                                                                                                                                                                                                                                                      • API String ID: 2422867632-956774608
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                      • String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-706389432
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 17069307-0
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • Sleep.KERNEL32(?,?,00000049,?,7FFFFFFFFFFFFFFF,LogMessage,00007FF73274AABA,?,?,00000049,00000000,?,LogMessage,00007FF73276EAAF), ref: 00007FF73276BC74
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Sleep
                                                                                                                                                                                                                                                                                                      • String ID: !is_inf() || (delta_ == other.delta_)$..\..\base\time\time.h$LogMessage
                                                                                                                                                                                                                                                                                                      • API String ID: 3472027048-1107476367
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • TryAcquireSRWLockExclusive.KERNEL32 ref: 00007FF732752838
                                                                                                                                                                                                                                                                                                      • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF732752875
                                                                                                                                                                                                                                                                                                      • _Init_thread_header.LIBCMT ref: 00007FF7327528A6
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF73276BAA0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF732762B15,?,?,?,?,?,?), ref: 00007FF73276BAEE
                                                                                                                                                                                                                                                                                                      • _Init_thread_header.LIBCMT ref: 00007FF7327528E8
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF73286A960: EnterCriticalSection.KERNEL32(?,?,?,00007FF73278FE51,?,?,?,?,00007FF73276176D), ref: 00007FF73286A970
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExclusiveLock$AcquireInit_thread_header$CriticalEnterReleaseSection
                                                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                                                      • API String ID: 1945866616-0
                                                                                                                                                                                                                                                                                                      • Opcode ID: 64f62e0c03c986b13a76138bff8273ea7c914c991a0345226d48fd09a487e5cb
                                                                                                                                                                                                                                                                                                      • Instruction ID: a57136b1b41b7327e48d73e861ef306ea743b3ec44bb2445bd2dd590194f89f2
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 64f62e0c03c986b13a76138bff8273ea7c914c991a0345226d48fd09a487e5cb
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3F312765E09A02B1FA50FB10FC911F5A360BF69754FE04231DA1E522E09FBCF4A1E768
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\third_party\crashpad\crashpad\util\file\file_io_win.cc$CloseHandle
                                                                                                                                                                                                                                                                                                      • API String ID: 918212764-1830217499
                                                                                                                                                                                                                                                                                                      • Opcode ID: 38f6f0a39b3c1358f25b6a3af621b65153886beb3e90e38ef24adf996a0cf98a
                                                                                                                                                                                                                                                                                                      • Instruction ID: fadf5537dc004173d15cc64ef2a618b71751fce3bb192dc81048b2a3e92c2a0a
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38f6f0a39b3c1358f25b6a3af621b65153886beb3e90e38ef24adf996a0cf98a
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4601B532F0C62261FA20B724AD127FAA351AF897D4FC00135DE4D0B792DE9CE555D760
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • WriteFile.KERNEL32(?,00000180,?,00000000,?,00007FF732886EC3,?,?,?,?,00007FF73288706C,Unknown field type %u (errno: %d, %s)), ref: 00007FF73288788F
                                                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000180,?,00000000,?,00007FF732886EC3,?,?,?,?,00007FF73288706C,Unknown field type %u (errno: %d, %s)), ref: 00007FF7328878B1
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                                                                                                                      • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                                                                      • Opcode ID: d87b2b089960adee7a905863f39cccb2d2989ac0f551ece99b54c816f7c82687
                                                                                                                                                                                                                                                                                                      • Instruction ID: f9c6c56c17990995357589120f68b91340640f902129718620f5c65d0ee26b20
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d87b2b089960adee7a905863f39cccb2d2989ac0f551ece99b54c816f7c82687
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6641D222B18A55A2EB20EF25E8443FAA7A0FB98794F804031EE4D87798DF7CD451D764
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: Init_thread_header
                                                                                                                                                                                                                                                                                                      • String ID: ..\..\base\memory\ref_counted.h$ref_count_.Increment() != std::numeric_limits<int>::max()
                                                                                                                                                                                                                                                                                                      • API String ID: 3738618077-1440755620
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: CurrentDirectory
                                                                                                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                                                                                                      • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73286AF4F), ref: 00007FF73286C3A0
                                                                                                                                                                                                                                                                                                      • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF73286AF4F), ref: 00007FF73286C3E6
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                                                                      • String ID: csm
                                                                                                                                                                                                                                                                                                      • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                        • Part of subcall function 00007FF732883384: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF73286FB16,?,?,?,00007FF732897AE2), ref: 00007FF7328833AA
                                                                                                                                                                                                                                                                                                      • __std_exception_destroy.LIBVCRUNTIME ref: 00007FF7327137F9
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: FeaturePresentProcessor__std_exception_destroy
                                                                                                                                                                                                                                                                                                      • String ID: Bad optional access$bad_optional_access.cc
                                                                                                                                                                                                                                                                                                      • API String ID: 2848415949-3504071562
                                                                                                                                                                                                                                                                                                      • Opcode ID: 549b663f37ac57f97c91ec2f4f1363acfd644f8b71f8d8406accff426cc5462e
                                                                                                                                                                                                                                                                                                      • Instruction ID: 3f3d06e38f226bc6db4dd6f6fd77e0b6e2cb53f1320aabea369ce618168377c9
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 549b663f37ac57f97c91ec2f4f1363acfd644f8b71f8d8406accff426cc5462e
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A5E0E520F09513A1FA49BB56AC421F892109F85B50FD48031DE0C06745DDACB567E330
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                                                                                                                      • API String ID: 3215553584-336475711
                                                                                                                                                                                                                                                                                                      • Opcode ID: 900fd6c87aeec2730a350f79e32cadbd04d575c495290edc99b895d6f2b19ba2
                                                                                                                                                                                                                                                                                                      • Instruction ID: b1b0d7c8a3e5016bbe88d43db9c096c2a0883b0235600d7a66278d0d02142f57
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 900fd6c87aeec2730a350f79e32cadbd04d575c495290edc99b895d6f2b19ba2
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C201AD62918242A2F724BF60A8611FEB3A0EF58704FD00035E64D42695DFBCE128EB24
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                                                      • Source File: 00000018.00000002.2791913338.00007FF732711000.00000020.00000001.01000000.00000011.sdmp, Offset: 00007FF732710000, based on PE: true
                                                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_24_2_7ff732710000_NW_store.jbxd
                                                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                                                                                                      • String ID: GetHandleVerifier
                                                                                                                                                                                                                                                                                                      • API String ID: 1646373207-1090674830
                                                                                                                                                                                                                                                                                                      • Opcode ID: 734ffcbd33a7c29f32c6e84d78b1019c2ee251ecac2462367c3395497ec28968
                                                                                                                                                                                                                                                                                                      • Instruction ID: c4e65b0200f6c230ca1828d632ce9a01f500347d4fae81332b8cfdacfd54d6f0
                                                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 734ffcbd33a7c29f32c6e84d78b1019c2ee251ecac2462367c3395497ec28968
                                                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DBF03A20E0E707B0FF5DBB2998526759390BF49B40FE04439C51E42294DEAC7046E271
                                                                                                                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                                                                                                                      Uniqueness Score: -1.00%